[arch-general] HTTP spam from China - CIDR compacting tool
Genes Lists
lists at sapience.com
Tue Feb 26 21:25:37 UTC 2019
On 2/26/19 4:01 PM, brent s. wrote:
...
>
> You can (Gene, you may find this particularly useful since you feed to
> ipset) use the pyroute2.IPSet() function to actually manage the live
>
Great thank you - I wasn't aware of this capability. I really like
python! ipset made a huge difference - major benefit I agree.
The other thing I do in my firewall script is I write the rules in
iptables-save format. Many guides continue to use the iptables
executable in their examples rather than directly writing into a file in
iptables-save format. I haven't read any guides for a long time, so
perhaps there are better ones now which speak to this.
Rather than invoking iptables repeatedly on each rule, i write an
iptables-save formatted file and then use iptables-restore to install
the entire firewall in one shot.
thank you brent ...
gene
More information about the arch-general
mailing list