Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://darkpenguin.social/users/adelie/statuses/113868335101850788">Adelie (adelie@darkpenguin.social)'s status on Wednesday, 22-Jan-2025 05:56:48 JST</a><a href="https://darkpenguin.social/@adelie" title="adelie@darkpenguin.social"><img src="https://gnusocial.jp/avatar/320075-48-20250121205648.webp" width="48" height="48" alt="Adelie" style="position: absolute; left: 0; top: 0;">Adelie</a><div><a href="https://social.kernel.org/objects/636e1325-c5e2-486d-b1ab-e0dbce3094b5" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/115010" title="corbet@social.kernel.org">Jonathan Corbet</a></li></ul></div></section><article><p><a href="https://social.kernel.org/users/corbet">@corbet</a> <a href="https://fosstodon.org/@LWN">@LWN</a> </p><p>"Any kind of active defense is going to have to figure out how to block subnets rather than individual addresses, and even that may not do the trick. "</p><p>if you're using iptables, ipset can block individual ips (hash:ip), and subnets (hash:net).</p><p>Just set it up last night for my much-smaller-traffic instances, feel free to DM</p><p><a href="https://ipset.netfilter.org/" rel="nofollow noreferrer">https://ipset.netfilter.org/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4420046#notice-8647115">In conversation</a><time datetime="2025-01-22T05:56:48+09:00" title="Wednesday, 22-Jan-2025 05:56:48 JST">about 4 months ago</time> <span>from <span><a href="https://darkpenguin.social/@adelie/113868335101850788" rel="external" title="Sent from darkpenguin.social via ActivityPub">darkpenguin.social</a></span></span><a href="https://darkpenguin.social/@adelie/113868335101850788">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Adelie (adelie@darkpenguin.social)'s status on Wednesday, 22-Jan-2025 05:56:48 JSTAdelie
in reply to
- LWN.net
- Jonathan Corbet
@corbet @LWN
"Any kind of active defense is going to have to figure out how to block subnets rather than individual addresses, and even that may not do the trick. "
if you're using iptables, ipset can block individual ips (hash:ip), and subnets (hash:net).
Just set it up last night for my much-smaller-traffic instances, feel free to DM
https://ipset.netfilter.org/
In conversationabout 4 months ago from darkpenguin.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice