denyhosts<br>will do the job for you!<br><br>:) <br>regards,<br>Guillermo.<br><br><br><div><span class="gmail_quote">On 7/18/06, <b class="gmail_sendername">Michael Yep</b> <<a href="mailto:myep@remotelink.com">myep@remotelink.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I have heard of this method, but I thought it was better to stop them at
<br>the firewall level. right?<br><br>Guillermo Garron wrote:<br>> If what you want to do is to block offending IPs, let's say IPs who<br>> try to hack your systems, you would better use<br>><br>> denyhosts<br>
><br>> yum install denyhosts<br>> vi /etc/denyhosts.conf<br>><br>> It will automatically put the offending IPs on the /etc/hosts.deny for<br>> some time (you can configure that time)<br>><br>><br>> :)
<br>> regards,<br>> Guillermo.<br>><br>><br>> On 7/18/06, *David Cary Hart* <<a href="mailto:Fedora@tqmcube.com">Fedora@tqmcube.com</a><br>> <mailto:<a href="mailto:Fedora@tqmcube.com">Fedora@tqmcube.com
</a>>> wrote:<br>><br>> On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep<br>> <<a href="mailto:myep@remotelink.com">myep@remotelink.com</a> <mailto:<a href="mailto:myep@remotelink.com">myep@remotelink.com
</a>>><br>> opined:<br>> > Hello<br>> ><br>> > I know that the preferred way of controlling access is to use<br>> > whitelists, but for my case I'd like to use IP blacklisting.
<br>> > Now using a script like<br>> > #!/bin/bash<br>> ><br>> > if [ -f badips.txt ]<br>> > then<br>> > for BAD_IP in `cat badips.txt`<br>> > do<br>> > iptables -A INPUT -s $BAD_IP -j DROP
<br>> > done<br>> > else<br>> > echo "Can't read badips.txt"<br>> > fi<br>> ><br>> > I have like 96 banned IPs so far. I am wondering about the possible
<br>> > performance hit on my system, and the limits of iptables.<br>> > What if I have thousands?<br>> ><br>> At some point it affects performance. There are some workarounds.<br>> What problem are you trying to solve? What causes you to block an IP?
<br>><br>> --<br>> Do NOT Send Email to <spam trap> Fedora@TQMcube,com<br>> Our DNSRBL - Eliminate Spam at The Source: <a href="http://www.TQMcube.com">http://www.TQMcube.com</a><br>> Don't Subsidize Criminals:
<a href="http://boulderpledge.org">http://boulderpledge.org</a><br>><br>> --<br>> fedora-list mailing list<br>> <a href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a> <mailto:<a href="mailto:fedora-list@redhat.com">
fedora-list@redhat.com</a>><br>> To unsubscribe: <a href="https://www.redhat.com/mailman/listinfo/fedora-list">https://www.redhat.com/mailman/listinfo/fedora-list</a><br>><br>><br><br>--<br>Michael Yep<br>
Development / Technical Operations<br>RemoteLink, Inc.<br>26W161 Plank Rd<br>Naperville, IL 60563-3422<br>Website: <a href="http://www.remotelink.com">www.remotelink.com</a><br>Direct: 800-362-9446 x164<br>Fax: 630-983-0364
<br>GPG Key 0x126439D9<br><br>Your Link to Effective Business Communications!<br>Specializing in telecommunications and Internet technology. If it helps connect you with your customers, remote employees and colleagues we do it. We put you in control of today's technology. From Teleconferencing, WebConferencing, Auto Attendant and Broadcast messaging to Custom data collection, ecommerce, CTI and IVR services.
<br><br>--<br>fedora-list mailing list<br><a href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a><br>To unsubscribe: <a href="https://www.redhat.com/mailman/listinfo/fedora-list">https://www.redhat.com/mailman/listinfo/fedora-list
</a><br></blockquote></div><br>