One of my issues with blindly applying techniques to block certain IPs is trusting the sources of the data - many people have ended up on a blocklist that shouldn't have.
That said, ipset is so effective and so scalable, that perhaps deploying this by default http://www.linuxjournal.com/content/server-hardening?page=0,1 would be a good idea. Are there any more ipv6 specific blocklists out there? _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel
