<html><head></head><body><div dir="auto">Ipset easily handles huge numbers of IPs or subnets. My servers run older OSes, so I'm unsure how nft works with ipset.<br><br>I have one system that blocks over 130,000 subnets using ipset. It uses a single firewall rule for all those blocked subnets. Quite a few are /8 for simplicity.</div><br><br><div class="gmail_quote"><div dir="auto">On May 29, 2025 9:09:37 PM EDT, Ron via Ale &lt;ale@ale.org&gt; wrote:</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail"><div dir="auto">Jim Kinney via Ale wrote on 2025-05-29 17:11:<br><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><div dir="auto">Add a rule to send problem IP to a different internal port that has<br>a VERY slow page load that is a redirect notice to DHS.<br></div></blockquote><div dir="auto"><br>I don't think that'll work, since:<br><br>lollipopman691 via Ale wrote on 2025-05-29 15:31:<br><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><div dir="auto">My last TWiki log has requests from about 70,000 ip addresses for<br>that one TWiki page.<br></div></blockquote><div dir="auto">That's a *lot* of IP addresses. A virtual DDoS.<hr>Ale mailing list<br>Ale@ale.org<br><a href="https://mail.ale.org/mailman/listinfo/ale">https://mail.ale.org/mailman/listinfo/ale</a><br>See JOBS, ANNOUNCE and SCHOOLS lists at<br><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></div></pre></blockquote></div></body></html>