Flood blocking
Ashley M. Kirchner
ashley at pcraft.com
Sat Jun 6 23:32:15 UTC 2009
Bruno Wolff III wrote:
> That depends on what mailing lists you are on. Some can send a lot of email.
> I don't think you are going to find much antispam success trying to block
> this way.
The few lists we're subscribed to, I don't see this happening. Even
with Fedora's list, I don't see a lot of hits in a short amount of
time. I *think* it'll be fine, but then again I won't know till
something gets implemented. And even if it's a temporary block, say
lasting 5 minutes, that shouldn't adversely affect mailing lists, I
don't think.
> Spammers are going to send stuff to your box from lots of IP
> addresses. If you try to block these with iptables it could potentially
> have negative effects on your machine's ability to process packets because
> of the large number of rules.
>
True, however again, keep in mind that these are temporary blocks,
not permanent. 5 minutes at the most. Usually that's enough to cause
the spammer to go look for another target.
> If you are running an authenticated ftp server, then it's reasonable to
> do this.
>
Yup, I do. And right now the machines get affected more by the
flood of attacks than the actual iptables blocking. I'd rather remove
all the permanent blocks from iptables, and set up a temporary thing.
Hit me 3 times in 10 seconds, you're blocked for 5 minutes type of thing.
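
The policy described in this message (3 hits in 10 seconds, blocked for 5 minutes), expressed with the iptables `recent` match as an added example that is not part of the original post. The chain names, list names and port 21 are assumptions, and the script only prints the commands unless it is run as root with `IPT=iptables`.

```shell
#!/bin/sh
# Added example: "3 hits in 10 seconds -> blocked for 5 minutes" using the
# iptables "recent" match. Chain names, list names and the port are assumptions.
# Dry run by default: commands are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

flood_rules() {
    port="$1" hits="$2" window="$3" block="$4"

    # Two chains: FLOOD makes the decision, FLOOD_BLOCK records the offender.
    $IPT -N FLOOD
    $IPT -N FLOOD_BLOCK

    # Put the source on the "flood_blocked" list and drop the packet.
    $IPT -A FLOOD_BLOCK -m recent --name flood_blocked --set -j DROP

    # 1. Source was blocked less than $block seconds ago: drop. --rcheck does
    #    not refresh the timestamp, so the block expires on its own.
    $IPT -A FLOOD -m recent --name flood_blocked --rcheck --seconds "$block" -j DROP
    # 2. Count this new connection against the source address.
    $IPT -A FLOOD -m recent --name flood_hits --set
    # 3. $hits or more connections within $window seconds: start a block.
    $IPT -A FLOOD -m recent --name flood_hits --rcheck --seconds "$window" --hitcount "$hits" -j FLOOD_BLOCK
    # 4. Otherwise hand the packet back to the normal INPUT rules.
    $IPT -A FLOOD -j RETURN

    # Only new connections to the protected port are counted.
    $IPT -I INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j FLOOD
}

# Policy from the message: 3 hits in 10 seconds, blocked for 5 minutes (300 s).
# Port 21 (FTP control) is an assumption.
flood_rules 21 3 10 300
```

The `recent` match keeps source addresses in a kernel table, so the number of rules stays fixed however many sources are blocked; the table size is capped by the recent module's `ip_list_tot` parameter.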