Hello, iptables is too slow to block, let's say, a million IPs (except if one is using a multi-level tree). I'm on the old OpenVZ, so ipset is not the way. Now, when looking for a way to block many IPs on the web server, I found: http://stackoverflow.com/questions/3165804/dynamic-ip-htaccess-blocklist/3178675#3178675 Also someone mentioned this whitelist ruleset: Can anyone please convert those whitelist rules into blacklist rules so they work as a blacklist instead?
Ever consider just null routing the IPs?

    route add -net 192.67.16.0/24 gw 127.0.0.1 lo
You can also block by country code; if you install a firewall such as CSF, it makes that easier to do as well. Are you trying to basically block all traffic? If that is the case, then you can also just whitelist your own IP and deny all other IPs.
CSF has a great feature for large lists. Just add your list (txt link) in "csf.blocklist" and it works like a charm.
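
An added example, not code from any poster in this thread: whichever mechanism holds the entries, a very large list is cheaper to load after duplicates and adjacent ranges are merged into CIDR blocks. The Python sketch below does that for IPv4 and prints null routes in the iproute2 `ip route add blackhole` form, which is swapped in here for the `route add ... lo` command in the null-routing reply; the sample list and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample blocklist using documentation ranges, not data from the thread.
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.7
not-an-ip
"""

def parse_blocklist(text):
    """Return (networks, rejected_entries) from one-entry-per-line text."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False tolerates host bits, e.g. 10.1.2.3/8 becomes 10.0.0.0/8
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface bad lines instead of dropping them silently
    return networks, rejected

def collapse(networks):
    """Merge duplicate, overlapping and adjacent IPv4 ranges into the fewest CIDR blocks."""
    v4 = [n for n in networks if n.version == 4]
    return list(ipaddress.collapse_addresses(v4))

def null_route_commands(networks):
    """Render one blackhole route per block (assumed iproute2 form, run as root)."""
    return [f"ip route add blackhole {n}" for n in networks]

if __name__ == "__main__":
    parsed, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    merged = collapse(parsed)
    print(f"{len(parsed)} entries -> {len(merged)} routes, {len(bad)} rejected: {bad}")
    for cmd in null_route_commands(merged):
        print(cmd)
```

Review the rejected entries and the merged output before loading anything, so that a malformed line or an overly broad range does not cut off addresses you need, such as your own.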