I need to block about 10 000 IP addresses in my firewall. I have all the IP addresses in a file, so I ran this command from the command line:
while read -r line; do sudo ufw insert 1 deny from "$line"; done < IP_addresses
It works and inserts the rules, but it is very slow: it inserts about 1 rule per second. Is it possible to make it faster?
It is running on Debian 9 with 1 CPU core of Xeon (VPS).
A faster way may be to add these to the /etc/ufw/before.rules file.
You could generate the lines to be inserted with your for loop by doing the following
You can then place that output in the rules.out file into the /etc/ufw/before.rules file following the line that reads:
This is using the instructions found at https://www.cyberciti.biz/faq/how-to-block-an-ip-address-with-ufw-on-ubuntu-linux-server/ as the basis. The pertinent section is the last one, titled "Tip: UFW NOT blocking an IP address".
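One way to generate rules.out for the approach in this answer, as an added example that is not code from the original answer. It assumes the rules are written in iptables-restore syntax on ufw's `ufw-before-input` chain and that the list is IPv4 only; `gen_rules` is a hypothetical helper name. Each entry is validated first, because a single malformed line in /etc/ufw/before.rules can make the whole rule set fail to load.

```shell
#!/bin/sh
# gen_rules FILE: print one DROP rule per valid, unique IPv4 address or CIDR.
# Assumption: rules go on the ufw-before-input chain in iptables-restore syntax.
# Rejected entries are reported on stderr and never reach the output.
gen_rules() {
    awk '
    function valid(s,    n, p, o, i) {
        n = split(s, p, "/")
        if (n > 2) return 0
        # Optional prefix length must be 0..32
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    {
        sub(/#.*/, "")          # strip comments
        gsub(/[ \t\r]/, "")     # strip whitespace and CRs from Windows files
        if ($0 == "") next
        if (!valid($0)) {
            print "skipped line " NR ": " $0 | "cat 1>&2"
            next
        }
        if (seen[$0]++) next    # drop duplicates
        print "-A ufw-before-input -s " $0 " -j DROP"
    }' "$1"
}

# Constructed sample input (documentation address ranges), not data from the page.
sample=$(mktemp)
printf '%s\n' '192.0.2.10' '198.51.100.0/24' '192.0.2.10' '203.0.113.999' > "$sample"
gen_rules "$sample"
rm -f "$sample"

# Real use: gen_rules IP_addresses > rules.out
```

After merging the output into /etc/ufw/before.rules, keep a backup of the original file and an open console session until `sudo ufw reload` has succeeded.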