h0tw1r3 / pam_shield

A PAM module to automatically block IP addresses which try brute-force password guessing.
GNU General Public License v2.0

Variant of "shield-trigger-iptables" script to cope with ipset #2

Open arnaudf92 opened 7 months ago

arnaudf92 commented 7 months ago

Hello,

I have used pam_shield for a few months now. I've noticed that as iptables rules are added (reached 440 in my case), the download bandwidth reduces progressively. For example, I lose around 400MB on speed tests, curl downloads, ...

For those interested, I modified the "shield-trigger-iptables" script so it can cope with the "ipset" netfilter extension if installed. With ipset there is no more bandwidth penalty, as only one rule is needed and all blacklisted IPs are stored in an indexed manner (https://ipset.netfilter.org/index.html).

The modified script is attached: shield-trigger-iptables-mod.zip

Regards.
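The attached script is not reproduced in the issue. The following is an added example, not the reporter's attachment and not pam_shield's own trigger script, showing the shape of such a trigger: one `hash:ip` set matched by a single `-m set` rule, so the INPUT chain stays constant-length no matter how many addresses are banned, with a fallback to one DROP rule per address when ipset is not installed. It assumes pam_shield invokes the trigger as `shield-trigger <add|del> <ip>` (an assumption about the call convention), and the set/chain names `pam_shield` and `INPUT` are placeholders. `DRY_RUN=1` prints the netfilter commands instead of executing them, so the logic can be checked without root.

```shell
#!/bin/sh
# Added example: ipset-backed variant of a pam_shield trigger script.
# Not the script attached to the issue and not pam_shield's own code.
# Assumption: pam_shield calls this as "shield-trigger add <ip>" / "shield-trigger del <ip>".

SET_NAME="${SET_NAME:-pam_shield}"   # placeholder set name
CHAIN="${CHAIN:-INPUT}"              # placeholder chain name

# Run a command, or just print it when DRY_RUN=1 (no root or netfilter needed).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# USE_IPSET=1/0 forces the backend; otherwise detect whether ipset is installed.
have_ipset() {
    case "${USE_IPSET:-auto}" in
        1) return 0 ;;
        0) return 1 ;;
        *) command -v ipset >/dev/null 2>&1 ;;
    esac
}

# Create the set and install the single matching rule, only if not already present.
# This is the whole point: the chain holds one rule regardless of how many IPs are banned.
ensure_set() {
    if [ "${DRY_RUN:-0}" = "1" ] || ! ipset list "$SET_NAME" >/dev/null 2>&1; then
        run ipset create "$SET_NAME" hash:ip -exist
    fi
    if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -C "$CHAIN" -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null; then
        run iptables -I "$CHAIN" -m set --match-set "$SET_NAME" src -j DROP
    fi
}

shield_trigger() {
    action="$1"
    ip="$2"
    case "$action" in
        add)
            if have_ipset; then
                ensure_set
                run ipset add "$SET_NAME" "$ip" -exist
            else
                # Legacy behaviour: one DROP rule per address; this is what grows the chain.
                run iptables -I "$CHAIN" -s "$ip" -j DROP
            fi
            ;;
        del)
            if have_ipset; then
                run ipset del "$SET_NAME" "$ip" -exist
            else
                run iptables -D "$CHAIN" -s "$ip" -j DROP
            fi
            ;;
        *)
            echo "usage: $0 add|del <ip>" >&2
            return 1
            ;;
    esac
}

# Act only when given arguments, so the file can also be sourced for testing.
if [ "$#" -gt 0 ]; then
    shield_trigger "$@"
fi
```

To see what would be executed without touching the firewall, run `DRY_RUN=1 ./shield-trigger add 203.0.113.7` (a documentation-range address). Two practical notes: an ipset does not survive a reboot unless it is saved and restored (`ipset save` / `ipset restore`) before the iptables rule referencing it is loaded, and the set should be created with a `maxelem` large enough for the expected number of bans if the default (65536) is too small for the deployment.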

h0tw1r3 commented 7 months ago

Using an ipset sounds like a nice performance improvement. Please open a pull request with your changes.

arnaudf92 commented 7 months ago

Hello,

Ok. I will do that. For the moment, the test period is ok :)

arnaudf92 commented 6 months ago

Hello Jeffrey, when you have time, could you please check/answer the discussion in the pull request?

Thanks.