Performance better with aliases or pfBlockerNG for filtering inbound IPs [solved]


  • out of curiosity ..

    best way to get best performance

    put > 600 unique IPs into an alias and use it in a firewall rule
    (number growin)

    or use

    pfBlockerNG / IP for inbound

    brNP

  • LAYER 8 Global Moderator

    Where are these IPs from? If they are list based, say geoip ranges - you can just let pfblocker maintain the aliases. Just use pfblocker in alias mode.. That is how I use it.


  • no those IPs are kind of blocklist from knockin on open ports or tryin to connect to
    put from the log files into the alias

    and those aliases have grown over the years
    short said noise in the log file

    thx for the hint
    pfblocker maintain the aliases

  • LAYER 8 Global Moderator

    You can also just maintain your own aliases based on list.. Example I have this one.

    aliases.jpg

    Comes down really to where you are getting the list and what is easier ;) But sure not running pfblocker if you don't need/want it would be less resources used.


  • thanks for the hint with the URLs in Aliases totally missed that one !
    great.

    pfB is runnin on the box and doin a nice job.

    so i put the IPs in a list and put it on the box for starters :)
    after sortin and deletin and checkin (google shodan censys ....) 400 unique remained

    next step is to put it on a server for easy maintenance and deployment

    thanks
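
The clean-up step described in the last post (sort, de-duplicate, check) can be scripted before the list is published for a URL-based alias. This is an added example, not part of the thread. The `PROTECTED` ranges, the function name and the sample addresses are assumptions constructed for illustration, and the output is assumed to be one IP or network per line.

```python
import ipaddress

# Ranges that must never end up in a block alias (assumed LAN/loopback set; adjust).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample: entries as they might be copied out of firewall logs.
SAMPLE = """\
203.0.113.7
203.0.113.7
198.51.100.24   # seen on port 22
198.51.100.25
 198.51.100.26
198.51.100.27
192.168.1.50
not-an-ip
2001:db8::1
203.0.113.0/30
"""

def build_blocklist(text):
    """Return (entries, rejected) for a raw, hand-collected IP list."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        item = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not item:
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            rejected.append((item, "invalid"))
            continue
        if any(net.overlaps(p) for p in PROTECTED):
            rejected.append((item, "protected"))  # would block local hosts
            continue
        nets.add(net)                             # set removes duplicates
    entries = []
    for version in (4, 6):                        # collapse needs one family at a time
        family = [n for n in nets if n.version == version]
        for n in ipaddress.collapse_addresses(family):
            # single hosts as plain addresses, everything else as CIDR
            entries.append(str(n.network_address) if n.num_addresses == 1 else str(n))
    return entries, rejected

if __name__ == "__main__":
    entries, rejected = build_blocklist(SAMPLE)
    print("\n".join(entries))
```

Collapsing adjacent hosts into networks keeps the table shorter as the list grows, and the rejected list shows which collected entries need a second look before deployment.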