Good ${greeting_time}, Nelgin!   
      
   11 Dec 2017 22:42:26, you wrote to Joaquim Homrighausen:   
      
    >> Does anyone know of an alternative to ipset for blocking IP ranges   
    >> of entire countries, that works with OpenVZ containers?   
    Ne> I wish... I use fail2ban.   
      
   Very dangerous thing... However, it makes some fun to use it against the   
   admin^Widiot who installed it :-)   
      
    Ne> OpenVZ containers have limited memory   
      
   Netfilter rules are count as separate resourses. Look at the source or in BC.   
      
    Ne> and you can soon fill it up with an all the subnets. With fail2ban   
    Ne> you can block the offenders easily. I have a "permaban" chain for   
    Ne> those repeat offenders.   
      
   Being a security expert, I know (and use; and, obviously, recommend) better   
   method: limit the number of connections per minute to 2 or 3, thus making any   
   and all bruteforce attacks time-ineffective.   
      
      
   --   
   Alexey V. Vissarionov aka Gremlin from Kremlin   
   gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii   
      
   ... that's why I really dislike fools.   
   --- /bin/vi   
    * Origin: http://openwall.com/Owl (2:5020/545)