Mastodon Feed
If you have been wondering, "will fail2ban with ipset also fall over when the AI bots come a-knockin'?" the answer is "also yes".
Increase maxelem in action.d/iptables-ipset.conf
Expanding existing tables without wiping them is super easy, barely an inconvenience:
ipset save OLD_NAME > OUT
perl -pi -e 's/OLD_NAME/TMP/' OUT
perl -pi -e 's/65536/6553600/' OUT
ipset restore < OUT
ipset swap TMP OLD_NAME
ipset destroy TMP
rm OUT