Comment by jart
1 year ago
I just declare firewall jubilee every now and then, where I flush the iptables and let people try again. It's also because people usually only control the IPs they use temporarily, so I don't want someone innocent later on to be blocked from using the service because someone abusive used their IPs beforehand. But even if I didn't do this, it doesn't cost much for Linux to iterate over an array of blocked int32's. It's really only allocated TCP connection resources that are problematic.
I'm glad you make a point to flush the chain/let things retry. I often hear about people adding drops... and then just forgetting about them.
I saw millions and started to feel my heart race a little.