[CentOS] Simple way to banish IP addresses ?
Warren Young
warren at etr-usa.com
Fri Oct 9 19:56:56 UTC 2009
Toby Bluhm wrote:
>
> Try fail2ban from rpmforge.
The main problem with fail2ban is that it's based on Python, so it takes
a fair bit of memory. This isn't a big problem on a dedicated server or
on a system with swap, but a lot of these attacks are made against
shared servers or those running virtual machine schemes like OpenVZ,
which don't allow swap, so you don't have enough memory to run something
so heavy.
What I do on my VPS is periodically look at the logs and ban attackers
by hand with this script, which I call iptdrop:
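    #!/bin/sh
    # iptdrop: drop all traffic from one address and record the ban
    DROPFILE=/etc/network/iptables-drops

    if [ -n "$1" ] ; then
        # -I puts the rule at the top of INPUT, ahead of any ACCEPT rules.
        # Record the address only if iptables accepted it.
        iptables -I INPUT -s "$1" -j DROP && echo "$1" >> "$DROPFILE"
    else
        echo "usage: $0 ipaddress"
        echo
        exit 1
    fi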
Then in /etc/rc.local:
    while read -r ip ; do
        [ -n "$ip" ] || continue    # skip blank lines
        iptables -I INPUT -s "$ip" -j DROP
    done < /etc/network/iptables-drops
That restores any bans on reboot.
After a week or three, I remove the IP from the list, on the theory that
it might be some bot-infested PC behind DHCP, and so has probably moved on.
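
Added example, not part of the original post: one way to automate the "week or three" cleanup described above by storing a timestamp next to each banned address. The "ADDRESS EPOCH" file format, the function names ban_add, ban_restore and ban_expire, and the IPTABLES override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: timestamped bans with automatic expiry.
# Assumed file format (not the original's): "ADDRESS EPOCH" per line.
# Lines without a numeric timestamp (the original format) never expire.
IPTABLES=${IPTABLES:-iptables}   # assumption: overridable for dry runs

# ban_add FILE ADDRESS [NOW]: insert the DROP rule, then record it
ban_add() {
    file=$1 ip=$2 now=${3:-$(date +%s)}
    # Record only if iptables accepted the address
    "$IPTABLES" -I INPUT -s "$ip" -j DROP && echo "$ip $now" >> "$file"
}

# ban_restore FILE: re-insert every recorded ban, e.g. from /etc/rc.local
ban_restore() {
    while read -r ip rest ; do
        [ -n "$ip" ] || continue
        "$IPTABLES" -I INPUT -s "$ip" -j DROP
    done < "$1"
}

# ban_expire FILE MAX_AGE_DAYS [NOW]: remove bans at least MAX_AGE_DAYS old,
# rewrite FILE with the survivors, and print how many were removed
ban_expire() {
    file=$1 max_age=$(( $2 * 86400 )) now=${3:-$(date +%s)}
    tmp=$(mktemp "$file.XXXXXX") || return 1
    removed=0
    while read -r ip stamp ; do
        [ -n "$ip" ] || continue
        case $stamp in
            # No numeric timestamp: keep the entry untouched
            ''|*[!0-9]*) echo "$ip${stamp:+ $stamp}" >> "$tmp" ; continue ;;
        esac
        if [ $(( now - stamp )) -ge "$max_age" ] ; then
            # -D deletes the rule that matches this exact specification
            "$IPTABLES" -D INPUT -s "$ip" -j DROP >/dev/null 2>&1 || true
            removed=$(( removed + 1 ))
        else
            echo "$ip $stamp" >> "$tmp"
        fi
    done < "$file"
    mv "$tmp" "$file"
    echo "$removed"
}
```

Calling ban_expire from a daily cron job with a MAX_AGE_DAYS of 21 removes each ban three weeks after it was added; entries written in the original one-address-per-line format are restored on boot but never expired.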