[Firewall] Big list in block-file -> crash server

Arno Nebauer arno at nebauer.net
Thu Apr 25 10:32:30 CEST 2013


Hi Michel,

Because I am a newbie with Arnos firewall, I can't give advice for the 
software. Anyway: Your list of more than 100.000 hosts / subnets is 
extremly large.

Try to find out the top networks by whois.arin.net, and you are able to 
block by /8 subnets. I did this with success to block ssh from Asia with 
just 41 subnets. I'am quite sure that my list is not complete, but here 
you are:

1.0.0.0/8
14.0.0.0/8
27.0.0.0/8
36.0.0.0/8
42.0.0.0/8
49.0.0.0/8
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
101.0.0.0/8
106.0.0.0/8
110.0.0.0/8
112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
121.0.0.0/8
122.0.0.0/8
123.0.0.0/8
124.0.0.0/8
125.0.0.0/8
175.0.0.0/8
176.0.0.0/8
120.0.0.0/8
180.0.0.0/8
202.0.0.0/8
203.0.0.0/8
210.0.0.0/8
211.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8
223.0.0.0/8


Am 25.04.2013 09:43, schrieb Michel van Dop:
>
> Hi,
>
> Since i have use 165176 host / subnets (lines) in my block list my new 
> server CentOS 6.4 crash 2 times in 3 days.
>
> Any one idee what i need to change in my network setting? 1/2 blocklist?
>
> Best regards,
>
> Michel
>   
>
>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20130425/f971a5d2/attachment.html>


More information about the Firewall mailing list