On Tue, 18 May 2021 at 15:25:28 +0000, Jonathan Aquilina wrote: > Where would you like me to start. I have through my own infrastructure > accumulated a very nice long list which is continuously growing. Would > you like me to see how with nftables how to implement ipset's to block > those malicious ip's?
It's probably best to schedule another call during the coming days or weeks. We'd need to convert the existing shorewall-based firewall policy rules to nftables, and come up with a smooth upgrade path. ipset replacement is trivial ‘set NAME { type ipv[46]_addr; [timeout 10m;] }’ but that's not the focus here given we don't make use of ipsets in the first place. Also we likely can't exchange IP lists for privacy reasons. I think dynamic sets populated on the fly by the IDS, and automatically released after some minutes, would be fine :-) Cheers, -- Guilhem. -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ Privacy Policy: https://www.documentfoundation.org/privacy