Just tinkering with blacklistd settings. Trying to arrive at a good duration for blocking.
I find that for 6 hours blocking, the blocked IPs settle around 90 to 100. Most of them just recur after block duration is over, typically they might be bots. Increasing the block duration would increase the count of blocked IPs. Would that start affecting any aspects of performance of my system or is there any limit beyond which npf won't accept them? i.e. what are absolute limits and what are advisable counts of simultaneously blocked IPs? Further, are there any ways to figure out ranges of IPs to block? I need ssh access from only handful of devices, but not all have static IPs. I think Geography may provide a clue, but not sure what's the best way to utilize such clue. Mayuresh
