Re: IPTABLES question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If what you want to do is to block offending IPs, let's say IPs who try to hack your systems, you would better use

denyhosts

yum install denyhosts
vi /etc/denyhosts.conf

It will automatically put the offending IPs on the /etc/hosts.deny for some time (you can configure that time)


:)
regards,
Guillermo.


On 7/18/06, David Cary Hart <Fedora@xxxxxxxxxxx> wrote:
On Tue, 18 Jul 2006 14:24:56 -0500, Michael Yep <myep@xxxxxxxxxxxxxx >
opined:
> Hello
>
> I know that the preferred way of controlling access is to use
> whitelists, but for my case I'd like to use IP blacklisting.
> Now using a script like
> #!/bin/bash
>
> if [ -f badips.txt ]
> then
> for BAD_IP in `cat badips.txt`
> do
> iptables -A INPUT -s $BAD_IP -j DROP
> done
> else
> echo "Can't read badips.txt"
> fi
>
> I have like 96 banned IPs so far. I am wondering about the possible
> performance hit on my system, and the limits of iptables.
> What if I have thousands?
>
At some point it affects performance. There are some workarounds.
What problem are you trying to solve? What causes you to block an IP?

--
      Do NOT Send Email to <spam trap> Fedora@TQMcube,com
Our DNSRBL - Eliminate Spam at The Source: http://www.TQMcube.com
               Don't Subsidize Criminals: http://boulderpledge.org

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux