Hacker News
by kees99 215 days ago
> eBPF & XDP would be much faster than netfilter.

Netfilter is plenty fast, when configured sensibly. You'd probably want a script to populate a "hash:net" ipset instead, and have just one iptables rule:

  -A INPUT \
    -m set --match-set geoblock src \
    -j DROP
(where "geoblock" is the aforementioned set)
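
One way to write the populating script the comment mentions, as an added example that is not from the comment's author. The set name `geoblock` is the comment's; the `geoblock-tmp` staging set, the function names and the sample CIDR list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an `ipset restore` batch that reloads the "geoblock"
# hash:net set from a CIDR list and swaps it in atomically.
SET_NAME=geoblock            # set name used by the iptables rule
TMP_NAME="${SET_NAME}-tmp"   # staging set (name is an assumption)

# Constructed sample input (RFC 5737 documentation ranges plus bad lines).
sample_cidrs() {
cat <<'EOF'
# constructed sample list
192.0.2.0/24
198.51.100.0/24

203.0.113.0/25
not-a-cidr
300.1.2.3/24
10.0.0.0/33
EOF
}

# stdin: one IPv4 CIDR per line; stdout: restore batch; stderr: rejected lines.
gen_restore() {
    echo "create $SET_NAME hash:net family inet"
    echo "create $TMP_NAME hash:net family inet"
    echo "flush $TMP_NAME"
    awk -v set="$TMP_NAME" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            ok = ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
            n = split($1, p, "[./]")
            # hash:net cannot store a zero-length prefix, so require 1..32
            if (p[5] + 0 < 1 || p[5] + 0 > 32) ok = 0
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            if (ok) print "add " set " " $1
            else    print "skipped: " $0 > "/dev/stderr"
        }'
    # Rules referencing $SET_NAME see the new contents in one step.
    echo "swap $TMP_NAME $SET_NAME"
    echo "destroy $TMP_NAME"
}

# Print the batch for the sample list. To load it (root, ipset installed):
#   sample_cidrs | gen_restore | ipset -exist restore
sample_cidrs | gen_restore
```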