--On Tuesday, August 27, 2019 10:37 AM +0100 Nick Howitt
<[email protected]> wrote:
FWIW if you are trying to block all non-US, I would expect it would be a
lot more efficient to generate a US only list then block all on no match
with the following in your iptables rule:
-m set ! --match-set US-list
How would you construct that list? I suspect the values in the IPDeny US
list don't cover the rest of the space and there may be desirable addresses
in the remaining space. It would be interesting to compute a negative list
of all addresses in the full list and see what's in there.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
