Interesting point about the IP blocks...

When I started with OpenBSD and pf about 18 months ago, I was amazed at the output of "pfctl -ss", as in "who the hell are are all these IP's hitting my public IP?".

I used to whois on each one and if I didn't recognize it, it would be added to an "ipblock" table in my rules. This became tiresome after a while and I've quit doing it.

I do have bogons and bogons6 blocked on public facing NIC as well as a table for emerging threats. I was downloading CDIR's for countries, but that too became a pain...there are so many.

Is a country block a good thing to think about adding to my configuration?