diff --git a/src/network.js b/src/network.js
index aa17b9f69..6611bca34 100644
--- a/src/network.js
+++ b/src/network.js
@@ -76,6 +76,7 @@ async function setBlocklist(blocklist, auditSource) {
 const parsedIp = ipaddr.process(auditSource.ip);
+ let count = 0;
 for (const line of blocklist.split('\n')) {
 if (!line || line.startsWith('#')) continue;
 const rangeOrIP = line.trim();
@@ -88,8 +89,10 @@ async function setBlocklist(blocklist, auditSource) {
 const parsedRange = ipaddr.parseCIDR(rangeOrIP); // returns [addr, range]
 if (parsedRange[0].kind() === parsedIp.kind() && parsedIp.match(parsedRange)) throw new BoxError(BoxError.BAD_FIELD, `${rangeOrIP} includes client IP. Cannot block yourself`);
 }
+ ++count;
 }
+ if (count >= 65536) throw new BoxError(BoxError.CONFLICT, 'Blocklist is too large. Max 65536 entries are allowed'); // https://ipset.netfilter.org/ipset.man.html (maxelem)
 if (constants.DEMO) throw new BoxError(BoxError.CONFLICT, 'Not allowed in demo mode');
 // store in blob since the value field is TEXT and has 16kb size limit
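Review bot: The size guard `if (count >= 65536)` in the second hunk rejects a list of exactly 65536 entries, although its own message says "Max 65536 entries are allowed"; if the limit is meant to mirror ipset's default maxelem of 65536, the comparison should be `if (count > 65536)`. The check also runs only after the loop has parsed every line, so an oversized upload is fully processed before it is refused; testing right after `++count` inside the loop would bound that work. The neighbouring self-block validation reports `BoxError.BAD_FIELD`, which looks like a closer fit than `BoxError.CONFLICT` for an input-size rejection. setBlocklist starts and ends outside these hunks, so how the limit relates to the ipset configuration actually used cannot be confirmed from here.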