Firewalls -block rather than scan

If you run a so called “New Generation Firewall” it will probably have an IDS/IPS system that scans all traffic. This eats a lot of CPU and slows down your firewall. There are lots of reliable lists (blocklists) of IP addresses out there that you can use to drop traffic from the bad guys before scanning, saving lots of CPU and increasing your throughput. Research the lists you plan to use, here is a good place to start your research: FireHOL IP Lists. Read more