I am probably the exception but I make heavy use of several modules to block bots. I would love to try out bpfilter when they support connlimit, tcpmss, length, limit, owner, recent, set, tcp, ttl and maybe u32. In regards to performance I get some gains using NOTRACK in the raw table for ports I expect high packet rates in combination with stateless rules.
261 days ago [-]
Rendered at 14:12:01 GMT+0000 (Coordinated Universal Time) with Vercel.
I am probably the exception but I make heavy use of several modules to block bots. I would love to try out bpfilter when they support connlimit, tcpmss, length, limit, owner, recent, set, tcp, ttl and maybe u32. In regards to performance I get some gains using NOTRACK in the raw table for ports I expect high packet rates in combination with stateless rules.