Performance better with aliases or pfBlockerNG for filtering inbound IPs [solved]
-
out of curiosity ..
best way to get best performance
put > 600 unique IPs into an alias and use it in a firewall rule
(number growin) or use
pfBlockerNG / IP for inbound
brNP
-
Where are these IPs from? If they are list based, say geoip ranges - you can just let pfblocker maintain the aliases. Just use pfblocker in alias mode.. That is how I use it.
-
no those IPs are kind of blocklist from knockin on open ports or tryin to connect to
put from the log files into the alias
and those aliases have grown over the years
short said noise in the log file
thx for the hint
pfblocker maintain the aliases
-
You can also just maintain your own aliases based on list.. Example I have this one.
Comes down really to where you are getting the list and what is easier ;) But sure not running pfblocker if you don't need/want it would be less resources used.
-
thanks for the hint with the URLs in Aliases totally missed that one !
great. pfB is runnin on the box and doin a nice job.
so i put the IPs in a list and put it on the box for starters :)
after sortin and deletin and checkin (google shodan censys ....) 400 unique remained
next step is to put it on a server for easy maintenance and deployment
thanks
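
An added example, not code from any poster in this thread: one way to clean a hand-collected IP list before hosting it for a URL-based alias. It validates entries, removes duplicates, merges adjacent ranges, and refuses anything that overlaps a never-block list; the sample entries and the `NEVER_BLOCK` networks are constructed, and the one-entry-per-line output is an assumption about what the alias file should look like.

```python
import ipaddress

# Constructed sample: raw entries as they might pile up from log files over the years.
RAW_ENTRIES = """
198.51.100.7
198.51.100.7
203.0.113.0/25
203.0.113.128/25
203.0.113.45
192.168.1.10
not-an-ip
2001:db8::1
# old note
192.0.2.15  # port scan
"""

# Hypothetical never-block list: RFC 1918, loopback, and a stand-in management range.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "192.0.2.0/28",  # constructed placeholder for your own admin source range
)]

def build_blocklist(raw, never_block=NEVER_BLOCK):
    """Return (clean_entries, rejected_entries) from free-form list text."""
    nets, rejected = {4: [], 6: []}, []
    for line in raw.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop inline comments
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)  # typo or junk, keep for manual review
            continue
        # Blocking your own LAN or admin range locks you out of the box.
        if any(net.version == a.version and net.overlaps(a) for a in never_block):
            rejected.append(entry)
            continue
        nets[net.version].append(net)
    clean = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        clean.extend(str(n) for n in ipaddress.collapse_addresses(nets[version]))
    return clean, rejected

if __name__ == "__main__":
    clean, rejected = build_blocklist(RAW_ENTRIES)
    print("\n".join(clean))  # one entry per line, ready to host as a text file
    print("rejected:", rejected)
```

Review the rejected entries by hand before publishing the file, since a typo there is an address you meant to block.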