IPTABLES question

Guillermo Garron guillermo.fedora at gmail.com
Tue Jul 18 20:03:55 UTC 2006 

denyhosts
will do the job for you!

:)
regards,
Guillermo.


On 7/18/06, Michael Yep <myep at remotelink.com> wrote:
>
> I have heard of this method, but I thought it was better to stop them at
> the firewall level. right?
>
> Guillermo Garron wrote:
> > If what you want to do is to block offending IPs, let's say IPs who
> > try to hack your systems, you would better use
> >
> > denyhosts
> >
> > yum install denyhosts
> > vi /etc/denyhosts.conf
> >
> > It will automatically put the offending IPs on the /etc/hosts.deny for
> > some time (you can configure that time)
> >
> >
> > :)
> > regards,
> > Guillermo.
> >
> >
> > On 7/18/06, *David Cary Hart* <Fedora at tqmcube.com
> > <mailto:Fedora at tqmcube.com>> wrote:
> >
> >     On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep
> >     <myep at remotelink.com <mailto:myep at remotelink.com>>
> >     opined:
> >     > Hello
> >     >
> >     > I know that the preferred way of controlling access is to use
> >     > whitelists, but for my case I'd like to use IP blacklisting.
> >     > Now using a script like
> >     > #!/bin/bash
> >     >
> >     > if [ -f badips.txt ]
> >     > then
> >     > for BAD_IP in `cat badips.txt`
> >     > do
> >     > iptables -A INPUT -s $BAD_IP -j DROP
> >     > done
> >     > else
> >     > echo "Can't read badips.txt"
> >     > fi
> >     >
> >     > I have like 96 banned IPs so far. I am wondering about the
> possible
> >     > performance hit on my system, and the limits of iptables.
> >     > What if I have thousands?
> >     >
> >     At some point it affects performance. There are some workarounds.
> >     What problem are you trying to solve? What causes you to block an
> IP?
> >
> >     --
> >     Do NOT Send Email to <spam trap> Fedora at TQMcube,com
> >     Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
> >     Don't Subsidize Criminals: http://boulderpledge.org
> >
> >     --
> >     fedora-list mailing list
> >     fedora-list at redhat.com <mailto:fedora-list at redhat.com>
> >     To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> >
> >
>
> --
> Michael Yep
> Development / Technical Operations
> RemoteLink, Inc.
> 26W161 Plank Rd
> Naperville, IL 60563-3422
> Website: www.remotelink.com
> Direct: 800-362-9446 x164
> Fax: 630-983-0364
> GPG Key 0x126439D9
>
> Your Link to Effective Business Communications!
> Specializing in telecommunications and Internet technology. If it helps
> connect you with your customers, remote employees and colleagues we do it.
> We put you in control of today's technology.  From Teleconferencing,
> WebConferencing, Auto Attendant and Broadcast messaging to Custom data
> collection, ecommerce, CTI and IVR services.
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20060718/c697b66f/attachment-0002.html

More information about the users mailing list