IPTABLES question
Guillermo Garron
guillermo.fedora at gmail.com
Tue Jul 18 19:57:18 UTC 2006
If what you want to do is to block offending IPs, let's say IPs who try to
hack your systems, you would better use
denyhosts
yum install denyhosts
vi /etc/denyhosts.conf
It will automatically put the offending IPs on the /etc/hosts.deny for some
time (you can configure that time)
:)
regards,
Guillermo.
On 7/18/06, David Cary Hart <Fedora at tqmcube.com> wrote:
>
> On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep <myep at remotelink.com>
> opined:
> > Hello
> >
> > I know that the preferred way of controlling access is to use
> > whitelists, but for my case I'd like to use IP blacklisting.
> > Now using a script like
> > #!/bin/bash
> >
> > if [ -f badips.txt ]
> > then
> > for BAD_IP in `cat badips.txt`
> > do
> > iptables -A INPUT -s $BAD_IP -j DROP
> > done
> > else
> > echo "Can't read badips.txt"
> > fi
> >
> > I have like 96 banned IPs so far. I am wondering about the possible
> > performance hit on my system, and the limits of iptables.
> > What if I have thousands?
> >
> At some point it affects performance. There are some workarounds.
> What problem are you trying to solve? What causes you to block an IP?
>
> --
> Do NOT Send Email to <spam trap> Fedora at TQMcube,com
> Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
> Don't Subsidize Criminals: http://boulderpledge.org
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060718/7ec2bc47/attachment-0001.htm>
More information about the fedora-list
mailing list