[arch-general] HTTP spam from China - CIDR compacting tool

Juha Kankare juhakankare at outlook.com
Tue Feb 26 23:31:56 UTC 2019


On 26/02/2019 23:25, Genes Lists via arch-general wrote:
> On 2/26/19 4:01 PM, brent s. wrote:
>
> ...
>> You can (Gene, you may find this particularly useful since you feed to
>> ipset) use the pyroute2.IPSet() function to actually manage the live
>>
> Great thank you - I wasn't aware of this capability. I really like
> python! ipset made a huge difference - major benefit I agree.
>
> The other thing I do in my firewall script is I write the rules in
> iptables-save format. Many guides continue to use the iptables
> executable in their examples rather than directly writing into a file in
> iptables-save format.  I haven't read any guides for a long time, so
> perhaps there are better ones now which speak to this.
>
> Rather than invoking iptables repeatedly on each rule, I write an
> iptables-save formatted file and then use iptables-restore to install
> the entire firewall in one shot.
>
> thank you brent ...
>
> gene

I feel like it's easier to just let the command do the formatting. On
top of that, doing the same for ipset requires like, a lot of extra
lines and formatting for something very simple. Simply iterating through
the IPs with the ipset executable makes creating the lists that much
easier.

-- 
Regards, Juha Kankare
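
The one-shot approach discussed in this thread, as an added example that is not code from any poster: a short script that turns a CIDR list into `ipset restore` input and an iptables-save formatted ruleset, instead of calling `ipset add` or `iptables` once per entry. The set name, the sample CIDRs and the ACCEPT policies are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Set name and CIDRs are constructed (documentation ranges).
SET_NAME="blocklist"   # hypothetical set name

# Constructed input: one CIDR per line, plus a comment, a blank and a duplicate.
sample_cidrs() {
cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24
192.0.2.0/24
EOF
}

# Emit "ipset restore" input: one create line, then one add per unique CIDR.
# The regex is a shape check only; anything else is dropped, not passed through.
gen_ipset_restore() {
    printf 'create %s hash:net family inet\n' "$1"
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' | sort -u |
    while IFS= read -r cidr; do
        printf 'add %s %s\n' "$1" "$cidr"
    done
}

# Emit an iptables-save formatted filter table that drops sources in the set.
# ACCEPT policies are an assumption for illustration; use your own ruleset.
gen_iptables_restore() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m set --match-set $1 src -j DROP
COMMIT
EOF
}

# Print both files; as root they would be loaded with:
#   ipset restore -exist < blocklist.ipset
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
sample_cidrs | gen_ipset_restore "$SET_NAME"
gen_iptables_restore "$SET_NAME"
```

Load the set before the ruleset, because the `--match-set` rule fails to parse if the set does not exist. By default `iptables-restore` flushes the tables named in the file, so the file has to carry the complete ruleset for that table.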


