On 05/31/2018 06:24 PM, Grant Taylor via Mailman-Users wrote:
>
>> There are many ways to implement the same thing.  Before there were
>> modules in the kernel for this, I simply pulled lists of address
>> blocks out of databases and incorporated them into my IPtables
>> lists.  There are better tools to do this today.
>
> ACK
>
> I'm curious, did you use IPSets or just a rule per network / IP?

I wrote scripts that read the list and generated a rule per network.  It
can be slow, but has worked reliably for many years.  Since it is a
mailserver, performance has not been a big issue.  I am in the process
of designing a replacement.  If you enter your list of networks as a
separate iptables list, then you only need to call that list when the
traffic is on the relevant port(s), so you avoid traversing the list for
other services.

Nataraj
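
The approach described in this message, as an added example that is not part of the original post: a generator that turns a list of networks into iptables-restore input with a dedicated chain, consulted only for the mail ports. The chain name SMTP_BLOCK, the port list and the sample networks are assumptions.

```shell
#!/bin/sh
# Added example; chain name, ports and sample networks are assumptions.

# Succeed if $1 is an IPv4 address or CIDR with octets <= 255 and prefix <= 32.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# stdin: one network per line ('#' comments allowed). stdout: iptables-restore input.
# $1 = chain name, $2 = comma-separated TCP ports, $3 = "nojump" on reloads.
gen_ruleset() {
    chain=$1 ports=$2
    echo '*filter'
    echo ":$chain - [0:0]"  # with --noflush an existing user chain is emptied here
    while IFS= read -r line || [ -n "$line" ]; do
        net=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$net" ] || continue
        if valid_cidr "$net"; then
            echo "-A $chain -s $net -j DROP"
        else
            echo "skipping invalid entry: $net" >&2
        fi
    done
    # Only packets for the listed ports are sent through the chain; skip the
    # jump on reloads so INPUT does not collect duplicate jump rules.
    [ "${3:-}" = nojump ] || echo "-A INPUT -p tcp -m multiport --dports $ports -j $chain"
    echo 'COMMIT'
}

# Constructed sample list (documentation address ranges plus two bad entries).
sample_networks() {
    printf '%s\n' '# constructed sample' 192.0.2.0/24 198.51.100.17 \
        203.0.113.0/33 not-a-network
}

sample_networks | gen_ruleset SMTP_BLOCK 25,465,587
```

The output can be checked with `iptables-restore --noflush --test` before it is loaded for real.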

