From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.taht.net (mail.taht.net [IPv6:2a01:7e00::f03c:91ff:feae:7028]) by lists.bufferbloat.net (Postfix) with ESMTPS id 548D63B2A2 for ; Mon, 18 Jan 2016 13:32:43 -0500 (EST) Received: from dair-1042.lorna-side.hm.taht.net (c-73-252-201-217.hsd1.ca.comcast.net [73.252.201.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.taht.net (Postfix) with ESMTPSA id 7CE822131A for ; Mon, 18 Jan 2016 18:32:41 +0000 (UTC) To: cerowrt-devel@lists.bufferbloat.net From: =?UTF-8?Q?Dave_T=c3=a4ht?= Message-ID: <569D3078.7050605@taht.net> Date: Mon, 18 Jan 2016 10:35:36 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: [Cerowrt-devel] router hardening X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jan 2016 18:32:43 -0000 One of my issues with blindly applying techniques to block certain IPs is trusting the sources of the data - many people have ended up on a blocklist that shouldn't have. That said, ipset is so effective and so scalable, that perhaps deploying this by default http://www.linuxjournal.com/content/server-hardening?page=0,1 would be a good idea. Are there any more ipv6 specific blocklists out there?