From: Chris J. <joh...@as...> - 2022-01-20 05:31:04
I set up a cron job to zero out the blacklist file every week. When the system reboots (usually for a kernel update), it can rebuild the smaller file in a timely manner. Since the IPs are ever-changing anyway, the current "bad" ones get re-added to the list quickly. To keep the file size even smaller, I also have the block subnet size set to 24 (which I'm sure is not a preferable option for everyone).

It's not elegant, but it works for me.

Chris

On 1/19/22 19:51, lists wrote:
> I dropped using sshguard specifically for the load caused by adding IPs to firewalld. It was less of a load to allow failed ssh attempts than to block them. I use PKI so I think the odds of a breach are small. More likely than not some software vulnerability will lead to a breach than someone hacking ssh.