firewalld --ipset questions
Posted: 2018/08/10 23:25:59
1. I have acquired a list of CIDR IPs for a couple of countries who like to keep trying to break in. I've created and implemented my 'networkblock' ipset. To see if it would work, I began (cli) to type in entries {sudo firewall-cmd --ipset=networkblock --add-entry=1.1.9.0/24} for about 8-10 of them and then doing reloads. All was successful. The first question, after finding out that this list contains over 35000 addresses, is: Are these 35000+ addresses likely to choke my system if they are all entered? If so, then don't bother with question 2.
2. Because I am so terrible with redirection and piping, is there a simple way to redirect/pipe all these '--add-entry=' addresses from the .txt file I have containing them (one per line)? If not, I suppose I could write a script to iterate through it, but a shorter method would be appreciated.
Thank you.
EDIT ===============================
Ignore #2 - I have a script that extracts the IPs. My worry now is #1 - will ipsetting 35000+ addresses cause the system harm when I turn the script loose on my server?
Thx
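Added example, not part of the original post: one way to take a one-per-line CIDR file like the one described in question 2, drop malformed or duplicate lines, and load the result with firewall-cmd's `--add-entries-from-file` option in a single call instead of one `--add-entry` per address. The set name `networkblock` is from the post; the function names and sample data are assumptions, and the set is assumed to exist already as a permanent ipset.

```bash
#!/usr/bin/env bash
# Added example, not the poster's script. The set name comes from the post;
# the input file, sample data and function names are assumptions.

# clean_cidr_list FILE: print valid, de-duplicated IPv4 addresses/CIDRs.
# Rejected lines are reported on stderr so they can be reviewed.
clean_cidr_list() {
  awk '
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # strip CR and padding
    /^$/ || /^#/ { next }                              # blanks and comments
    {
      ok = 0
      if ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
        n = split($0, p, "/"); split(p[1], o, ".")
        ok = (o[1] <= 255 && o[2] <= 255 && o[3] <= 255 && o[4] <= 255)
        # /0 would match every address, so it is never accepted here
        if (n == 2 && (p[2] < 1 || p[2] > 32)) ok = 0
      }
      if (!ok) { print "rejected: " $0 > "/dev/stderr"; next }
      if (!seen[$0]++) print
    }' "$1"
}

# load_ipset SET FILE: one firewall-cmd call for the whole file, one reload.
# Assumes SET already exists as a permanent ipset; run as root.
load_ipset() {
  local set="$1" file="$2" count
  count=$(wc -l < "$file")
  # ipset hash sets default to maxelem=65536 unless created with a larger value
  if [ "$count" -gt 65536 ]; then
    echo "$count entries exceed the default maxelem" >&2; return 1
  fi
  firewall-cmd --permanent --ipset="$set" --add-entries-from-file="$file" &&
    firewall-cmd --reload
}

# Constructed sample input standing in for the one-per-line .txt file.
sample=$(mktemp)
printf '%s\n' '1.1.9.0/24' ' 1.1.9.0/24' '# note' '' \
  '300.1.2.0/24' '10.0.0.0/33' '0.0.0.0/0' '2.16.0.0/13' > "$sample"
clean_cidr_list "$sample" > "$sample.clean"
echo "$(wc -l < "$sample.clean") usable entries in $sample.clean"
# Next step on the server: load_ipset networkblock "$sample.clean"
```
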