[CentOS] Simple way to banish IP addresses ?
Lucian @ lastdot.org
lucian at lastdot.org
Mon Oct 12 04:09:42 UTC 2009
On Fri, Oct 9, 2009 at 7:35 PM, Niki Kovacs <contact at kikinovak.net> wrote:
> I just set up a web server... and my bandwidth is being eaten by some
> chinese folks trying to brute-force-ssh their way into the machine.
> Is there a simple way to banish either single IP addresses or, maybe
> even better, whole IP classes ? I know it's feasible with iptables, but
> is there something more easily configurable ?
> CentOS mailing list
> CentOS at centos.org
The best way is iptables.
If you know you dont/wont have any relations within China/Taiwan/etc
you could ban whole subnets.
It would help to use ipset in conjunction with iptables, just for
optimisation's sake :)
More information about the CentOS