JH>> Does anyone know of an alternative to ipset for blocking IP   
    JH>> ranges of entire countries, that works with OpenVZ containers?   
      
    av> If you want to do exactly that, simply use CIDR notation with -s   
    av> parameter.   
      
   Using IPTABLES ... or did you mean with ipset? I can't use ipset in this   
   specific case, and listing thousands of nets using IPTABLES is usually a bad   
   idea.   
      
    av> However, if you need (just a guess) to protect SSH against   
    av> bruteforcing the passwords, that's normally performed a bit   
    av> differently.   
      
   I prefer using F2B, it works quite well if you up blocking time to something   
   like 24-48 hours.   
      
      
      
    -joho   
      
   ---   
    * Origin: code.code.code (2:20/4609)