Sv: function for whitelisting IPs
dovecot at ptld.com
Thu Jul 15 21:24:34 EEST 2021
> I have found that dynamic IP blocking programs such as sshguard or fail2ban
> are a CPU burden since that table needs to be refreshed as new IPs are added
> or removed so I have stopped using them.
Have you seen ipset?
https://ipset.netfilter.org/
It is built for dynamically adding/removing IPs from a firewall without
changing a table or rules or reloading the firewall. It holds a hashmap
in memory of what IPs to block and integrates into the kernel. However,
you have to build your own mouse trap to use it. I don't know of
anything out of the box that would automatically add IPs to it; I wrote
my own script that gets fed log lines from rsyslog to do it.
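
A sketch of the kind of log-fed script the reply describes, added here as an example; it is not the poster's script. The set name `mailblock`, the threshold, the timeout, the whitelist contents and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn auth-failure log lines on stdin into ipset commands.
# SET, THRESHOLD, TIMEOUT and ALLOW are assumed names and values.
SET=${SET:-mailblock}
THRESHOLD=${THRESHOLD:-3}                # failure lines per IP before blocking
TIMEOUT=${TIMEOUT:-3600}                 # seconds until the kernel expires the entry
ALLOW=${ALLOW:-"127.0.0.1 192.0.2.10"}   # whitelist: never block these

# One-time setup as root; afterwards only the set changes, never the rule:
#   ipset create mailblock hash:ip timeout 3600
#   iptables -I INPUT -m set --match-set mailblock src -j DROP

# Reads log lines on stdin; prints one "ipset add" per IP reaching THRESHOLD.
offenders_to_ipset() {
    awk -v name="$SET" -v min="$THRESHOLD" -v ttl="$TIMEOUT" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /auth failed/ {
        # Greedy .* anchors on the LAST rip= field, because the user= field
        # that precedes it is text chosen by the client.
        ip = $0
        if (sub(/.*rip=/, "", ip) == 0) next
        sub(/[^0-9.].*/, "", ip)
        # Accept only an IPv4 dotted quad with octets 0-255.
        if (split(ip, o, "[.]") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        if (ip in skip) next
        if (++hits[ip] == min + 0) {
            printf "ipset add %s %s timeout %d -exist\n", name, ip, ttl
            fflush()
        }
    }'
}

# Constructed sample lines in the style of dovecot login failures.
sample_log() {
    cat <<'EOF'
Jul 15 21:00:01 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, TLS
Jul 15 21:00:04 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, TLS
Jul 15 21:00:07 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<x, rip=198.51.100.7>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
Jul 15 21:01:10 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
Jul 15 21:01:12 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
Jul 15 21:01:15 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
Jul 15 21:02:30 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
EOF
}

# Dry run over the constructed sample; nothing is applied to the firewall.
if [ "${1:-}" = "--demo" ]; then sample_log | offenders_to_ipset; fi
```

The `timeout` on each entry only works if the set was created with a `timeout` option, and `-exist` keeps a repeated add from failing when the address is already in the set.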