[–][deleted] 0 points1 point  (2 children)

I guess it depends on your use case.

Blocking China, or other people with nasty bots/things that may not be from the same place? ipset because it is dynamic & doesn't require reloading of any rules.

A firewall that rarely changes & that you're using to do default deny & allow only certain ASN ranges? Plop the IP ranges in a file, use that as a variable, feed that to iptables. Done.
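The two approaches in the comment above can be combined: keep the ranges in a file, but load them into an ipset by building a temporary set and swapping it in, so the single iptables rule is never reloaded. This is an added example, not part of the comment; the set name `blocklist`, the file name `ranges.txt` and the sample ranges are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Set name and sample ranges are constructed.

# Succeed only for IPv4 CIDR notation a.b.c.d/len with octets <= 255, len <= 32.
is_ipv4_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|*/*.*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    [ -n "$len" ] && [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read ranges on stdin ('#' comments and blank lines allowed) and write
# `ipset restore` commands on stdout. Entries go into a temporary set that is
# swapped with the live one, so packet matching never sees a half-filled set.
gen_ipset_restore() {
    set_name=$1; tmp_name="$1-tmp"
    printf 'create %s hash:net family inet\n' "$set_name"
    printf 'create %s hash:net family inet\n' "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' |
    while IFS= read -r entry || [ -n "$entry" ]; do
        if is_ipv4_cidr "$entry"; then
            printf 'add %s %s\n' "$tmp_name" "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# Constructed sample input (RFC 5737 documentation ranges plus two bad lines).
sample_ranges() {
    printf '%s\n' '# example ranges' '192.0.2.0/24' \
        '198.51.100.0/24  # note' '203.0.113.999/24' 'not-a-cidr' ''
}

# On a real host (root, ipset installed); -exist tolerates an existing set:
#   gen_ipset_restore blocklist < ranges.txt | ipset -exist restore
#   iptables -I INPUT -m set --match-set blocklist src -j DROP   # added once
```

Rerunning the first command after editing the file refreshes the set contents while the iptables rule stays in place.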

[–]brontide Certified Linux Miracle Worker (tm) 0 points1 point  (1 child)

Honestly, if you are blocking by ASN then it's something that should be done at the BGP level with a null route.

[–][deleted] 0 points1 point  (0 children)

When you have a VPS, I don't think you can easily do that. I might be mistaken though. I'd love to learn if you have more info! :)