C
CrowdSec2mo ago
_KaszpiR_

Blocklists and decisions streaming

Question if the blocklists or decisions added are somewhat merged into a bigger CIDR ranges? Use case is to lower amount of addresses added to the the device, with over 20k addresses seems like that could be beneficial. I was thinking about using something like https://github.com/seancfoley/ipaddress-go but maybe you know something better? ( Also I think there should be separate #dev channel for such questions I guess?)
GitHub
GitHub - seancfoley/ipaddress-go: Go library for handling IP addres...
Go library for handling IP addresses and subnets, both IPv4 and IPv6 - seancfoley/ipaddress-go
5 Replies
CrowdSec
CrowdSec2mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
blotus
blotus2mo ago
No, crowdsec does not attempt to merge multiple decisions in a single range. It's something we thought about, but there are a ton of edge cases, and it would massively complexify the handling of decisions in crowdsec or the bouncers (imagine that you have 255 decisions for all the IPs in a /24, crowdsec would merge them in a single decision, the bouncer would receive a decision on the /24, and after a decision for one of the IP expires: we would have to deconstruct the range into 254 decisions). If you want to try to implement it at the bouncer level, you can, but it will probably get tricky quickly and you probably want to use https://pkg.go.dev/net/netip, it's part of the standard library
_KaszpiR_
_KaszpiR_OP2mo ago
Thx for the info, i was thiking about adding an adjustment to the bouncer where I already push everything and thus deduplicating could help, and already have some optimizations such as limiting ban time (any unvan leads to a bew address list and a reppaced fw rule to use new address list),. The idea is that instead of 20k entries maybe it could go down to say 16k entries, with faater cyclic update and expiry it would be better ( faster insert 16k enteies instead of 20k) Ok thanks, i guess for now it can be reoslved
CrowdSec
CrowdSec2mo ago
Resolving Blocklists and decisions streaming This has now been resolved. If you think this is a mistake please run /unresolve
_KaszpiR_
_KaszpiR_OP2mo ago
wc -l full_decision_list.txt
14666 derp.txt

cat full_decision_list.txt | aggregate > aggregated.txt

wc -l aggregated.txt 
10390 aggregated.txt

70%
wc -l full_decision_list.txt
14666 derp.txt

cat full_decision_list.txt | aggregate > aggregated.txt

wc -l aggregated.txt 
10390 aggregated.txt

70%
😄

Did you find this page helpful?