On Tue, 18 May 2021 at 15:25:28 +0000, Jonathan Aquilina wrote:
> Where would you like me to start. I have through my own infrastructure
> accumulated a very nice long list which is continuously growing. Would
> you like me to see how with nftables how to implement ipset's to block
> those malicious ip's?
It's probably best to schedule another call during the coming days or
weeks. We'd need to convert the existing shorewall-based firewall
policy rules to nftables, and come up with a smooth upgrade path.
ipset replacement is trivial ‘set NAME { type ipv[46]_addr; [timeout 10m;] }’
but that's not the focus here given we don't make use of ipsets in the
first place. Also we likely can't exchange IP lists for privacy
reasons. I think dynamic sets populated on the fly by the IDS, and
automatically released after some minutes, would be fine :-)
Cheers,
--
Guilhem.
--
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy
