[CentOS] Switching from lokkit (iptables) to firewalld

Tue Feb 4 10:37:04 UTC 2020
Pete Biggs <pete at biggs.org.uk>

On Mon, 2020-02-03 at 19:04 -0500, Jerry Geis wrote:
> Hi All,
> Over the last 20 some years I have a file with about 200K worth of address
> that have "wrongly" tried to connect to my boxes running centos.  So the
> file has one line per address or group of addresses like:
> So using the OLD iptables I would run through my file build the
> iptables.txt file and start that with DROP for the IP address. iptables ran
> through the big list in no time.
> I was trying to run a script to go through each line and run:
>  firewall-cmd --zone=drop --add-source="$ipblock" --permanent
> but this takes a long time.
> What is a "better" way or more efficient way to keep my long list of bad
> addresses and apply them?  Thanks,

To some extent you need to ask yourself if a 20 year old blacklist is
really effective these days. Lots will have changed in that time and
many of the addresses will have been reassigned.

Also, a 200k lump of addresses will surely slow down the processing of
incoming packets?

Perhaps it's time to rethink what you do. Can you define what addresses
would "rightly" try and connect to your machine and whitelist those on
a normally closed system (rather than blacklisting those on a normally
open system).

If you need the system to be open, then I find Fail2Ban useful in
blacklisting addresses that are being naughty.