IPTABLES question

David Cary Hart Fedora at TQMcube.com
Tue Jul 18 21:00:43 UTC 2006


On Tue, 18 Jul 2006 15:00:28 -0500, Michael Yep <myep at remotelink.com>
opined:
> 
> I have been blocking some IPs because they are brute forcing my ssh
> port. I access this server from many different places so I can't
> really just add a few hosts.
> I'm talking about 36000 attempts in a short time from some IP
> addresses.

Please don't top post.

Denyhosts from extras will work.

Personally, I use swatch to whack these on the first attempt. Swatch
executes a script that uses at to remove the IP from netfilter after
six hours. Swatch is perl, denyhosts is python. Other than that,
swatch offers more flexible configuration IMO.
> 
> David Cary Hart wrote:
> > On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep
> > <myep at remotelink.com> opined:
> >   
> >> Hello
> >>
> >> I know that the preferred way of controlling access is to use
> >> whitelists, but for my case I'd like to use IP blacklisting.
> >> Now using a script like
> >> #!/bin/bash
> >>
> >> if [ -f badips.txt ]
> >> then
> >> for BAD_IP in `cat badips.txt`
> >> do
> >> iptables -A INPUT -s $BAD_IP -j DROP
> >> done
> >> else
> >> echo "Can't read badips.txt"
> >> fi
> >>
> >> I have like 96 banned IPs so far. I am wondering about the
> >> possible performance hit on my system, and the limits of
> >> iptables. What if I have thousands?
> >>
> >>     
> > At some point it affects performance. There are some workarounds.
> > What problem are you trying to solve? What causes you to block an
> > IP?
> >
> >   
> 


-- 
      Do NOT Send Email to <spam trap> Fedora at TQMcube,com
Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
               Don't Subsidize Criminals: http://boulderpledge.org