[CentOS] Simple way to banish IP addresses ?
nytrokiss at gmail.com
Wed Oct 14 20:52:21 UTC 2009
Removing my services from the standard ports, I saw a massive drop in these
On Mon, Oct 12, 2009 at 5:01 PM, Lucian @ lastdot.org <lucian at lastdot.org>wrote:
> On Mon, Oct 12, 2009 at 9:36 PM, nate <centos at linuxpowered.net> wrote:
> > Amos Shapira wrote:
> >> There is an iptables geoip module to allow you to specify countries. I
> >> never used it thought.
> > I love linux, been using it for about 14 years but a good firewall it
> > does not make..
> > http://www.openbsd.org/faq/pf/tables.html
> > "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
> > against a table are very fast and consume less memory and processor time
> > than lists. For this reason, a table is ideal for holding a large group
> > addresses as the lookup time on a table holding 50,000 addresses is only
> > slightly more than for one holding 50 addresses
> > [..]
> > Tables can also be populated from text files containing a list of IP
> > addresses and networks:
> > table <spammers> persist file "/etc/spammers"
> > block in on fxp0 from <spammers> to any
> > [..]
> > Tables can be manipulated on the fly by using pfctl(8). For instance, to
> > entries to the <spammers> table created above:
> > # pfctl -t spammers -T add 220.127.116.11/16"
> > --
> > Myself I'd be interested in seeing a iptables system running
> > with 50,000 rules for matching against.
> > nate
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> That's why i was recommending ipset earlier.
> CentOS mailing list
> CentOS at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS