[ale] Ouch, dang it.

Alex Carver agcarver+ale at acarver.net
Fri May 30 14:18:56 EDT 2025 

I love ipset. It's hard to beat the ease of use and the quick update 
capability. I have one ipset list that handles one-off events where I 
can rapidly dump a single, troublesome IP inside so I can deal with 
stuff later. Otherwise I just start blocking whole subnets.

The largest set which is entirely CIDRs greater than /24 on one server is:

Total lines in blocklist: 79779
Total IPv4s blocked: 789,568,787

And that's IPs blocked after this non-overlapping set in the main 
firewall which is primarily /16 or larger:

Total lines in blocklist: 5451
Total IPv4s blocked: 353,610,636

(I don't bother with IPv6 because I don't have it enabled.)

Blocking huge chunks of the network cuts traffic down dramatically 
especially as bots give up and instruct other bots not to bother. I 
don't think I've truly lost any functionality, at least not that I've 
noticed over many years of making ever larger block lists.

On 2025-05-29 19:23, dj-Pfulio via Ale wrote:
> Ipset easily handles huge numbers of ips or subnets. My servers run older OSes, so I'm unsure how nft works with IPset.
> 
> I have one system that blocks over 130,000 subnets using ipset.  It uses a single firewall rule for all those blocked subnets.  Quite a few are /8 for simplicity.
> 
> On May 29, 2025 9:09:37 PM EDT, Ron via Ale <ale at ale.org> wrote:
>> Jim Kinney via Ale wrote on 2025-05-29 17:11:
>>
>>> Add a rule to send problem IP to a different internal port that has
>>> a VERY slow page load that is a redirect notice to DHS.
>>
>> I don't think that'll work, since:
>>
>> lollipopman691 via Ale wrote on 2025-05-29 15:31:
>>
>>> My last TWiki log has requests from about 70,000 ip addresses for
>>> that one TWiki page.
>> That's a *lot* of IP addresses. A virtual DDoS.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list