[CentOS] which firewall to automatically block bandwidth abusers?
John R Pierce
pierce at hogranch.com
Thu Aug 18 23:27:27 UTC 2011
On 08/18/11 4:05 PM, Rudi Ahlers wrote:
> The point it, it doesn't matter who the user is. As soon as an IP, any
> IP exceeds the limit, it should get blocked.
you might take a look at the various fail2ban scripts that are commonly
used to block an IP for some period of time after a threshold number of
SSH or appache login attempts are made, and you can probably figure out
how to implement that same sort of concept to run off whatever
per-source-IP traffic statistics you're keeping... of course, if your
web and mail and whatever servers are accessed by 100s or 1000s of
unique hosts a day, those traffic statistics are going to be quite a lot
of overhead to track.
--
john r pierce N 37, W 122
santa cruz ca mid-left coast
More information about the CentOS
mailing list