need expert iptables advice !

hi,

I'd like to add the following list of ip ranges to iptables in order to block any brazilian users from connectin to my servers in any way, be it for spamming, scanning, hacking ...

This is not a reaction to a specific incident just a pre-cautionary measure. Until brazilian isps/authorities start giving a **** about what their users do, I don't want any of them on my servers.

Anyway, my question is this:

Would filtering all these ipranges on a cpanel machine (dual xeon, 1024mb ram, scsi) cause any noticable negative impact ie. bog the server down?

It's a lot of ip ranges and I guess every packet to the server would need to be filtered through all of them ... so how efficient would iptables be at this? not at all? would it be just overkill to have a 200 ip ranges blocked (dropped) ?

Advice from experts in this field (filtering, security etc with iptables) would be much appreciated. Thanks!

The list of brazilian ip ranges is here: blackholes.us/zones/country/brazil.txt

 

 

 

 

Top