Subj : Alternative(s) to ipset on OpenVZ
To   : Stephen Walsh
From : Alexey Vissarionov
Date : Tue Dec 12 2017 09:50:50

Good ${greeting_time}, Stephen!

12 Dec 2017 09:00:00, you wrote to Joaquim Homrighausen:

 av>>> If you want to do exactly that, simply use CIDR notation with -s
 av>>> parameter.
 JH>> Using IPTABLES ... or did you mean with ipset? I can't use ipset in
 JH>> this specific case, and listing thousands of nets using IPTABLES is
 JH>> usually a bad idea.
 SW> Will this work?
 SW> https://github.com/tlhackque/BlockCountries

This never works, as there would always be at least one trojaned computer in 
your own country...

Limiting the number of connections per minute does that (SSH protection) best. 
Especially being combined with key-only authentification (if you choose proper 
algorithms, of course).


--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii

.... that's why I really dislike fools.
--- /bin/vi
 * Origin: http://openwall.com/Owl (2:5020/545)

.