From: lists <li...@la...> - 2022-01-20 06:44:23
It won't help because I still want to block hosting services, servers, VPS, etc. I need the ability to have a large static block list. Incidentally, if the developers want something else to block, Tor exit nodes are documented. I had a script to block them too but dropped it due to the same firewalld issue. There is an API for the exit nodes. Nothing I serve needs to have the viewer's IP hidden. Every time I read about some hacking I look at the IP and I usually have it blocked.

Original Message
From: joh...@as...
Sent: January 19, 2022 9:31 PM
To: ssh...@li...
Subject: Re: [SSHGuard-users] performance when using firewalld: adding/removing many entries at once

I set up a cron job to zero out the blacklist file every week. When the system reboots (usually for kernel update), it can rebuild the smaller file in a timely manner. Since the IPs are ever-changing anyway, the current "bad" ones get re-added to the list quickly. To keep the file size even smaller, I also have the block subnet size set to 24 (which I'm sure is not a preferable option for everyone). It's not elegant, but it works for me.

Chris

On 1/19/22 19:51, lists wrote:
> I dropped using sshguard specifically for the load caused by adding IPs to firewalld. It was less of a load to allow failed ssh attempts than to block them. I use PKI so I think the odds of a breach are small. More likely than not some software vulnerability will lead to a breach than someone hacking ssh.

_______________________________________________
sshguard-users mailing list
ssh...@li...
https://lists.sourceforge.net/lists/listinfo/sshguard-users