by missingcolours 1859 days ago
Almost every time I start a new job I find a list of "blacklisted IPs" in the firewall and no one seems to know from whence they came, they've just always been there. It's a perfectly reasonable short term solution in some situations where there are few options, but like, expire them after some period of time, don't leave random IPs blocked for years.
3 comments

Well, at my previous job, the company was blackholing 1.1.1.0/24 and others in the 1.0.0.0/8 subnet because that was the previous LAN. Thankfully, I have done an audit and removed this nonsense.
That's insane. I block IPs for 10 minutes to start. Not a big fan of the abuse IP databases either after I leased a server that was blacklisted before I even got it.
I agree, timers are generally a sound approach. I would personally go with 36 hours to wait out the typical human attention span.
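
An added example, not written by any commenter in this thread: a small audit of a firewall blocklist that flags the problems discussed above (entries with no known origin, entries with no expiry, expired entries, and blocks that swallow a public range such as 1.1.1.0/24). The `Block` record, the `NEVER_BLOCK` list and the sample entries are constructed for illustration; the 10-minute and 36-hour durations are the ones mentioned in the comments.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network
from typing import Optional

DEFAULT_TTL = timedelta(hours=36)           # duration suggested in the thread
NEVER_BLOCK = [ip_network("1.1.1.0/24")]    # constructed list; range named in the thread

@dataclass
class Block:                                # hypothetical record format
    net: str                                # single address or CIDR
    added: Optional[datetime]               # None: nobody knows when it was added
    reason: str = ""                        # empty: nobody knows why
    ttl: Optional[timedelta] = DEFAULT_TTL  # None: permanent entry

def audit(blocks, now):
    """Return {net: [findings]} for every entry that needs attention."""
    report = {}
    for b in blocks:
        net = ip_network(b.net, strict=False)
        findings = []
        if b.added is None or not b.reason:
            findings.append("no-provenance")
        if b.ttl is None:
            findings.append("no-expiry")
        elif b.added is not None and now >= b.added + b.ttl:
            findings.append("expired")
        if any(net.overlaps(p) for p in NEVER_BLOCK):
            findings.append("covers-protected-range")
        if findings:
            report[b.net] = findings
    return report

def still_enforced(blocks, now):
    """Drop expired entries; permanent ones stay until a human reviews them."""
    return [b.net for b in blocks
            if "expired" not in audit([b], now).get(b.net, [])]

# Constructed sample data (documentation ranges plus the /8 from the thread).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Block("198.51.100.7", NOW - timedelta(minutes=5), "ssh brute force",
          timedelta(minutes=10)),
    Block("203.0.113.5", NOW - timedelta(hours=48), "port scanner"),
    Block("192.0.2.0/24", None, "", None),
    Block("1.0.0.0/8", None, "", None),
]

if __name__ == "__main__":
    for net, findings in audit(SAMPLE, NOW).items():
        print(net, ", ".join(findings))
```
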