Do you use reputation?
-
I was considering turning on reputation but it looks like it could be really processor intensive. Maybe just for the top 10 spamming countries? As I understand it reputation looks for repeat offenders in the lists you have selected (or rather not whitelisted) then creates special rules to drop that whole address block if a threshold is reached. I only use pfBlocker to block outbound traffic to a few specific regions right now on my home network. I was just curious if any of you used the reputation feature.
-
After a little research I decided to try using reputation with no whitelist. If I am currently only using the top 20 spammers geoip list, and I am actively blocking 6 of them, then this will keep tabs on the rest without downloading a ton of extra stuff or doing too much extra processing. If I understand how reputation works correctly (and that might be a stretch) then this should be a safe bet to make good use of the top 20 spammers geoip list.