Lucas Rolff Wrote: ------------------------------------------------------- > You could very well do a small ipset together with iptables, it's > fast, > and you don't have to reload for every subnet / ip you add.
we had the very same issue, 40k IPs to block daily and we came up with ipset add / del which is fast as hell and has a build-in TTL if you have a huge and dynamic set of ips to be blocked this is the way you should go cheers, mex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270680,270757#msg-270757 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
