Removing my services from the standard ports, I saw a massive drop in these requests.
On Mon, Oct 12, 2009 at 5:01 PM, Lucian @ lastdot.org lucian@lastdot.org wrote:
On Mon, Oct 12, 2009 at 9:36 PM, nate centos@linuxpowered.net wrote:
Amos Shapira wrote:
There is an iptables geoip module to allow you to specify countries. I never used it though.
I love linux, been using it for about 14 years but a good firewall it does not make..
http://www.openbsd.org/faq/pf/tables.html
"A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses [..] Tables can also be populated from text files containing a list of IP addresses and networks:

    table <spammers> persist file "/etc/spammers"
    block in on fxp0 from <spammers> to any

[..] Tables can be manipulated on the fly by using pfctl(8). For instance, to add entries to the <spammers> table created above:

    # pfctl -t spammers -T add 218.70.0.0/16"
--
Myself I'd be interested in seeing an iptables system running with 50,000 rules for matching against.
nate
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
That's why I was recommending ipset earlier.
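
The ipset counterpart of the pf table file quoted above, as an added example that is not from any poster in this thread: it converts a text file of addresses and networks into input for `ipset restore`, so one iptables rule matches the whole set instead of one rule per address. The set name is borrowed from the quoted FAQ, the sample entries are constructed, and current ipset command syntax is assumed.

```shell
#!/bin/sh
# Added example: turn a pf-style table file (one address or network per line,
# '#' comments allowed) into input for `ipset restore`.
SET_NAME=spammers   # assumption: set name reused from the quoted pf example

# Print ipset restore commands for every valid IPv4 address/CIDR on stdin.
# Invalid lines are reported on stderr and skipped, so a malformed entry
# never reaches the kernel set.
build_ipset_restore() {
    awk -v set="$SET_NAME" '
    function valid(entry,   parts, oct, n, i) {
        n = split(entry, parts, "/")
        if (n > 2) return 0
        # A /0 entry would match every source address, so it is rejected here.
        if (n == 2 && (parts[2] !~ /^[0-9][0-9]?$/ ||
                       parts[2] + 0 < 1 || parts[2] + 0 > 32)) return 0
        if (split(parts[1], oct, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (oct[i] !~ /^[0-9][0-9]?[0-9]?$/ || oct[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { print "create " set " hash:net family inet" }
    {
        sub(/#.*/, ""); gsub(/[ \t\r]/, "")   # drop comments and whitespace
        if ($0 == "") next
        if (valid($0)) print "add " set " " $0
        else print "skipped line " NR ": " $0 > "/dev/stderr"
    }'
}

# Constructed sample blocklist in the same format as /etc/spammers.
sample_list() {
    cat <<'EOF'
# known spam sources (constructed sample)
218.70.0.0/16
192.0.2.15        # single host
203.0.113.0/33
198.51.100.0/24
0.0.0.0/0
EOF
}

sample_list | build_ipset_restore
# Load and use (root required, not run here):
#   sample_list | build_ipset_restore | ipset -exist restore
#   iptables -I INPUT -m set --match-set spammers src -j DROP
```

The two bad sample entries (a /33 prefix and 0.0.0.0/0) are reported on stderr and left out of the generated set.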