Blocking tens of thousands of IP's

mex nginx-forum at
Fri Nov 4 09:37:43 UTC 2016

Lucas Rolff Wrote:
> You could very well do a small ipset together with iptables, it's
> fast, 
> and you don't have to reload for every subnet / ip you add.

we had the very same issue, 40k IPs to block daily and we came up
with ipset add / del which is fast as hell and has a build-in TTL

if you have a huge and dynamic set of ips to be blocked
this is the way you should go



Posted at Nginx Forum:,270680,270757#msg-270757

More information about the nginx mailing list