[CentOS] iptables to block region-specific ip's?

David Milholen dmilholen at wletc.com
Wed May 11 23:50:46 UTC 2011


On 5/11/2011 2:08 PM, Robert Spangler wrote:
> On Wednesday 11 May 2011 12:58, the following was written:
>
>>   I'm running fail2ban on my centos machine. It's handling sshd and
>>   postfix, and is working quite well. From the reports I'm seeing all
>>   the attempts are from a certain registrar's region, I won't name it,
>>   and was wondering instead of blocking individual ip's if there was a
>>   way I could block with iptables the complete region of ip's. I realize
>>   this will cut off a good majority of the world, but this is something
>>   I'm still curious about?
> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP
>
> Replace the x's with the start of the ip address range you want to block and
> also make sure you are using the correct bit mask for that range.  If the
> interface is something other than eth0 then you will need to replace that too
> with the correct interface.  The '-I' will place this rule as the very first
> rule in the chain.  If you are using a passthrough box then replace INPUT
> with FORWARD.
>
>>   With regards blocking ip's and fail2ban, which method is better in
>>   terms of system resources, blocking via iptables as in the case of
>>   sshd or blocking via hosts.deny as in the case of postfix?
> I don't know the answer to this.  I prefer IPTABLES.
>
>
More efficient using iptables to stop it before it's processed, in the 
case of mail.
Also, look at "Spamdyke" as an alternative to stop senders, RDNS or IP 
blacklisting.
Dave


-- 

David Milholen
Project Engineer
P:501-318-1300
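Added example, not code posted by anyone in this thread: a small shell helper that turns a list of CIDR ranges into the iptables rules Robert describes, put into a dedicated chain so the region block can be rebuilt or flushed without disturbing the rest of the ruleset. It checks the "correct bit mask" caveat mechanically: each range is normalized to its network address, so 192.0.2.77/24 is corrected to 192.0.2.0/24 with a note instead of being passed to iptables as-is. The chain name REGIONBLOCK, the interface eth0 and the INPUT chain are assumptions (override them through the environment, and use FORWARD on a pass-through box); the sample ranges come from RFC 5737 documentation space and are constructed for illustration, not any registrar's real allocation. The iptables -C check used to avoid a duplicate jump on rerun needs iptables 1.4.11 or newer.

```shell
#!/bin/sh
# Added example, not code from the thread: build the region block as its own
# iptables chain. Each range is normalized first so a range typed with the
# wrong bit mask (192.0.2.77/24 instead of 192.0.2.0/24) is caught rather
# than silently dropping a different block than intended.
# Assumptions: chain name REGIONBLOCK, interface eth0 and chain INPUT
# (override via environment); sample ranges in the usage are RFC 5737
# documentation addresses, constructed for illustration.

CHAIN=${CHAIN:-REGIONBLOCK}
IFACE=${IFACE:-eth0}
TABLE_CHAIN=${TABLE_CHAIN:-INPUT}   # use FORWARD on a pass-through box

# Dotted quad -> 32-bit integer (octets already validated by the caller).
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Validate a CIDR string and print it with the host bits cleared, e.g.
# 192.0.2.77/24 -> 192.0.2.0/24. Returns 1 (prints nothing) when malformed.
normalize_cidr() {
    local cidr=$1 ip prefix o count=0 n mask
    ip=${cidr%/*}
    prefix=${cidr#*/}
    [ "$ip" != "$cidr" ] || return 1                       # missing /prefix
    case $prefix in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac  # digits only, no leading 0 (octal trap)
    [ "$prefix" -le 32 ] || return 1
    case $ip in .*|*.|*..*) return 1 ;; esac               # empty octet
    local IFS=.
    for o in $ip; do
        case $o in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ] || return 1
    n=$(ip_to_int "$ip")
    if [ "$prefix" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF )); fi
    echo "$(int_to_ip $((n & mask)))/$prefix"
}

# Print the iptables commands for the given ranges. Malformed ranges are
# skipped with a warning; ranges not on a network boundary are corrected
# with a note, so the operator sees what is really being blocked.
region_block_rules() {
    local cidr norm
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for cidr in "$@"; do
        if ! norm=$(normalize_cidr "$cidr"); then
            echo "skipping malformed range: $cidr" >&2
            continue
        fi
        [ "$norm" = "$cidr" ] || echo "note: $cidr is not a network address, using $norm" >&2
        echo "iptables -A $CHAIN -s $norm -j DROP"
    done
    # One jump rule inserted first, as Robert's -I does. -C (check) needs
    # iptables 1.4.11 or newer and keeps a rerun from adding a second jump.
    echo "iptables -C $TABLE_CHAIN -i $IFACE -j $CHAIN 2>/dev/null || iptables -I $TABLE_CHAIN 1 -i $IFACE -j $CHAIN"
}

# Usage: sh regionblock.sh [--apply] CIDR...
#   e.g. sh regionblock.sh 192.0.2.77/24 198.51.100.0/22
# Prints the rules; with --apply they are piped to sh (run as root).
# With no arguments nothing runs, so the functions can be sourced.
if [ $# -gt 0 ]; then
    if [ "$1" = "--apply" ]; then
        shift
        region_block_rules "$@" | sh -e
    else
        region_block_rules "$@"
    fi
fi
```

Review the printed rules before using --apply; the warnings on stderr are the point of the exercise. For a whole region's worth of ranges (thousands of prefixes) a single rule matching an ipset hash:net set scales better than one iptables rule per prefix, but the chain above is adequate for a handful of ranges like the ones discussed here.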