logoalt Hacker News

Bendertoday at 5:08 PM1 replyview on HN

How do you decide when to add/remove a range?

The only IP's that come and go are the Tor 30 day blocklist and a couple FireHOL attackers from a repo though I will sometimes leave the last entries live until reboot. I do not really need to block tor but I use this silly blog as a testing ground. Tor and some known abusers come from a git repo I refresh periodically.

The data-centers, VPS providers, CDNs, known botnets are perma-banned. For my hobby nodes I personally find this acceptable. I would not do this in a professionally managed data-center. There are better methods for those cases especially for B2B corporate arrangements. Regardless of what daemons I run I never have external dependencies that need to be accessed from my node or from the client with exception of stratum-1 time servers.

I do have to periodically update the CIDR blocks for given ASN's. I have not automated this but I probably should some day. It's not hard to automate, I am just excessively "efficient". I was told to stop calling myself lazy, but I am.

Methods 2, 3 and 5 are the ones I talk about here. [1]

[1] - https://nochan.net/b/Internet-Crap/20260606-How-To-Block-Som...


Replies

seki285today at 9:14 PM

Thank you for including a link to your blog, very useful read.