[CentOS] iptables to block region-specific ip's?
David Milholen
dmilholen at wletc.com
Wed May 11 23:50:46 UTC 2011
On 5/11/2011 2:08 PM, Robert Spangler wrote:
> On Wednesday 11 May 2011 12:58, the following was written:
>
>> I'm running fail2ban on my centos machine. It's handling sshd and
>> postfix, and is working quite well. From the reports I'm seeing all
>> the attempts are from a certain registrar's region, I won't name it,
>> and was wondering instead of blocking individual IPs if there was a
>> way I could block with iptables the complete region of IPs. I realize
>> this will cut off a good majority of the world, but this is something
>> I'm still curious about?
> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP
>
> Replace the x's with the start of the ip address range you want to block and
> also make sure you are using the correct bit mask for that range. If the
> interface is something other than eth0 then you will need to replace that too
> with the correct interface. The '-I' will place this rule as the very first
> rule in the chain. If you are using a passthrough box then replace INPUT
> with FORWARD.
>
>> With regard to blocking IPs and fail2ban, which method is better in
>> terms of system resources, blocking via iptables as in the case of
>> sshd or blocking via hosts.deny as in the case of postfix?
> I don't know the answer to this. I prefer IPTABLES.
>
More efficient using iptables to stop it before it's processed in the
case of mail.
Also, look at "Spamdyke" as an alternative to stop senders, RDNS or IP
blacklisting.
Dave
--
David Milholen
Project Engineer
P:501-318-1300
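Robert's rule drops a whole /24, and he warns to get the bit mask right. The POSIX sh below is an added example (not code from anyone in this thread) that checks whether a given address falls inside a CIDR block and only prints the iptables DROP rule when the network part is actually aligned to the prefix length; the addresses in the comments are documentation ranges chosen for illustration, and the interface defaults to eth0 as in Robert's rule.

```shell
#!/bin/sh
# Added example: sanity-check a CIDR before dropping it with iptables.
# The rule is printed, not applied, so it can be reviewed before running.

# Convert a dotted-quad address to a 32-bit integer.
ip2int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Netmask (as an integer) for prefix length $1, e.g. 24 -> 0xFFFFFF00.
prefix2mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    fi
}

# Exit 0 if address $1 lies inside CIDR $2 (a.b.c.d/nn), else exit 1.
# Useful to confirm an attacker's address is covered, and that your own
# management address is not, before inserting the rule.
in_cidr() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    mask=$(prefix2mask "${2#*/}")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print the DROP rule for CIDR $1 on interface $2 (default eth0).
# Refuses blocks with host bits set (e.g. 203.0.113.5/24): that usually
# means the prefix length is wrong, so the rule would not match what
# the author intended.
drop_rule() {
    cidr=$1
    iface=${2:-eth0}
    net=$(ip2int "${cidr%/*}")
    mask=$(prefix2mask "${cidr#*/}")
    if [ $(( net & mask )) -ne "$net" ]; then
        echo "refusing: $cidr has host bits set; check the prefix length" >&2
        return 1
    fi
    echo "iptables -I INPUT -i $iface -s $cidr -j DROP"
}
```

Run `drop_rule 203.0.113.0/24` to get the rule text; pipe it to `sh` only after `in_cidr` confirms the block covers the offending addresses and nothing you still need to reach the box from.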