Brian Densmore ([email protected]) wrote:
By the way, anyone have a take on what kind of performance hit this will take on a server? So far I have 22 addresses or address ranges blocked in my blacklist. And is there a better way? Most of the attempts have been to try to gain root access via ssh, which root isn't allowed to ssh anyway, so this would always fail. Some are for non-existent users.
I guess it depends how often you run it and how big your log file is. Mine was only 128k and took just a second. I guess you could run it hourly or twice a day and not take that much of a performance hit. You'd have to grab the IPs from the log, save them to a text file, then grab the unique IPs, flush the firewall rules, and then generate them again.
Not too terrible, but if you're worried about CPU cycles you might want to come up with a more efficient system. My server isn't hammered all that much so it's not a big deal.
Jeremy
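
The procedure described in the reply above, as an added example that is not part of the original message: it extracts the source addresses of failed sshd logins, de-duplicates them, and prints the `iptables` commands to rebuild a blocklist. Assumptions: the log lines are constructed samples in the common OpenSSH "Failed password" format (IPv4 only), the chain name `SSH_BLOCK` and the failure threshold are chosen for illustration, and it flushes a dedicated chain rather than the whole ruleset so unrelated rules survive each run.

```shell
#!/bin/sh
# Constructed sample of sshd auth-log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Mar  3 04:11:02 host sshd[2201]: Failed password for root from 203.0.113.5 port 4242 ssh2
Mar  3 04:11:05 host sshd[2201]: Failed password for root from 203.0.113.5 port 4243 ssh2
Mar  3 04:11:09 host sshd[2203]: Failed password for invalid user admin from 198.51.100.7 port 5555 ssh2
Mar  3 04:12:00 host sshd[2210]: Failed password for invalid user test from 198.51.100.7 port 5556 ssh2
Mar  3 04:12:01 host sshd[2210]: Failed password for invalid user test from 198.51.100.7 port 5557 ssh2
Mar  3 04:15:40 host sshd[2222]: Failed password for brian from 192.0.2.10 port 6000 ssh2
Mar  3 04:15:52 host sshd[2222]: Accepted password for brian from 192.0.2.10 port 6000 ssh2
EOF
}

# offenders MIN: read a log on stdin, print each source IP with at least MIN
# failed logins, one per line. The user name in these lines is supplied by the
# remote client, so the address is taken by position from the end of the line
# ("... from IP port N ssh2") rather than from the first "from" seen.
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { count[$(NF-3)]++ }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort -u
}

# rules: read IPs on stdin, print the commands that rebuild the blocklist.
# SSH_BLOCK is a chain name chosen for this example; flushing only that chain
# leaves every other firewall rule in place.
rules() {
    echo "iptables -N SSH_BLOCK 2>/dev/null || true"
    echo "iptables -F SSH_BLOCK"
    while read -r ip; do
        echo "iptables -A SSH_BLOCK -s $ip -j DROP"
    done
    echo "iptables -C INPUT -p tcp --dport 22 -j SSH_BLOCK 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport 22 -j SSH_BLOCK"
}

# Print (do not apply) the rules for addresses with 2 or more failures.
sample_log | offenders 2 | rules
```

With a threshold of 2, the single mistyped password from 192.0.2.10 followed by a successful login is not blocked.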