NetBSD-Users archive


Re: Blocking offending IPs : How many are too many to handle for npf?



In article <20180524014836.GA30203%warunjikardental.com@localhost>,
Mayuresh  <mayuresh%acm.org@localhost> wrote:
>Just tinkering with blacklistd settings.
>
>Trying to arrive at a good duration for blocking.
>
>I find that for 6 hours blocking, the blocked IPs settle around 90 to 100.
>
>Most of them just recur after block duration is over, typically they might
>be bots.
>
>Increasing the block duration would increase the count of blocked IPs.
>Would that start affecting any aspects of performance of my system or
>is there any limit beyond which npf won't accept them?
>
>i.e. what are absolute limits and what are advisable counts of
>simultaneously blocked IPs?
>
>Further, are there any ways to figure out ranges of IPs to block? I need
>ssh access from only a handful of devices, but not all have static IPs. I
>think Geography may provide a clue, but not sure what's the best way to
>utilize such clue.

Tables are efficient, you don't need to worry about it :-)
You could collect data for a few days and then make some entries permanent :-)

christos
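
One way to act on the "collect data for a few days" suggestion, as an added example that is not part of the original message: a shell function that reads a log of block events and prints the addresses blocked on several distinct days, which are the candidates for a permanent entry. The input format (`YYYY-MM-DD address`, one line per event), the function names and the three-day threshold are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: pick addresses that keep getting re-blocked across days.
# Input format (an assumption, not blacklistd's own output): one line per
# block event, "YYYY-MM-DD address", e.g. appended by a periodic job that
# records the currently blocked set.

# recurring_blocks MIN_DAYS < events
# Prints addresses blocked on at least MIN_DAYS distinct days, one per line,
# in numeric order.
recurring_blocks() {
    awk -v min="$1" '
        # Skip blank lines and comments.
        NF < 2 || $1 ~ /^#/ { next }
        # Accept only dotted-quad IPv4 here; anything else is ignored.
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        # Count each (day, address) pair once, however often it was logged.
        !seen[$1 SUBSEP $2]++ { days[$2]++ }
        END { for (a in days) if (days[a] >= min) print a }
    ' | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample data (documentation address ranges).
sample_events() {
    cat <<'EOF'
# day        address
2018-05-21 192.0.2.10
2018-05-21 198.51.100.7
2018-05-21 192.0.2.10
2018-05-22 192.0.2.10
2018-05-22 203.0.113.5
2018-05-23 192.0.2.10
2018-05-23 198.51.100.7
2018-05-24 198.51.100.7
2018-05-24 203.0.113.5
not-a-date garbage
EOF
}

# Addresses seen on 3 or more distinct days become permanent candidates.
sample_events | recurring_blocks 3
```

Review the resulting list before making anything permanent, since a dynamic address that belongs to one of your own devices could end up in it.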


