<div dir="ltr">OVH and Hetzner CIDR lists from RIPE are huge because of all the tiny subnets - however they compress down really well if you merge all the adjacent networks, you end up with a few dozen entires each. Whatever set of CIDRs you are putting in a set, always merge them unless you need to know which specific range in your source list was hit, thats my advice.<div><br></div><div>My experience is that both OVH and Hetzner take abuse complaints seriously and if you make the effort to contact them then they will either compel their customers to respond to you or cut them off if they can't be contacted. However when you get to the former eastern block countries and onward that doesn't happen - maybe Google Translate is just really bad at Indo-European languages, but I suspect its more cultural.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 8, 2016 at 6:15 PM, <span dir="ltr"><<a href="mailto:lists@lazygranch.com" target="_blank">lists@lazygranch.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Is that 2.2 million CIDRs, or actual addresses?<br>
<br>
I use IPFW with tables for about 20k CIDRs. I don't see any significant server load. It seems to me nginx has a big enough task that it makes sense to offload the blocking to something that is more tightly integrated to the OS. <br>
<br>
At a bare minimum, block OVH and Hetzner. People bash the Russians and old Soviet block countries for hacking, but OVH and Hetzner are far worse. <br>
<br>
<br>
Original Message <br>
From: mayak<br>
Sent: Tuesday, November 8, 2016 2:58 PM<br>
To: <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
Reply To: <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<span class="im HOEnZb">Subject: Re: Blocking tens of thousands of IP's<br>
<br>
</span><span class="im HOEnZb">On 11/08/2016 07:28 PM, Jonathan Vanasco wrote:<br>
</span><span class="im HOEnZb">> On Nov 4, 2016, at 5:43 AM, mex wrote:<br>
><br>
>> we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)<br>
>> and export this stuff via /badass - location.<br>
>><br>
>> although its not realtime we have a delay of 5 sec which is enough for us<br>
</span><span class="im HOEnZb"><snip><br>
We are blocking 2.2 million addresses, however, we do it at the firewall/router (pfsense pfBlocker).<br>
<br>
Ultra fast.<br>
<br>
HTH<br>
<br>
Mayak<br>
<br>
</span><div class="HOEnZb"><div class="h5">______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
<br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br></div>