iptable log-message
Andy Green
andy at warmcat.com
Sun May 27 10:23:10 UTC 2007
Manuel Arostegui Ramirez wrote:
> And for a basic and simply quickly solution:
> iptables -I INPUT -s 137.227.xxx.xxx -j DROP
Needs to be
iptables -I INPUT -p tcp -s 137.227.xxx.xxx -j DROP
Stick it in /etc/rc.local (which is what I do along with a comment about
why) or do service iptables save to make it persistent.
You can drop a surprising amount of the Internet like this (prompted to
do so by attacks from those netblocks) without affecting site
availability for actual normal readers.
-Andy
More information about the fedora-list
mailing list