[CentOS] Simple way to banish IP addresses ?
James Matthews
nytrokiss at gmail.com
Wed Oct 14 19:52:21 UTC 2009
Removing my services from the standard ports, I saw a massive drop in these
requests.
On Mon, Oct 12, 2009 at 5:01 PM, Lucian @ lastdot.org <lucian at lastdot.org>wrote:
> On Mon, Oct 12, 2009 at 9:36 PM, nate <centos at linuxpowered.net> wrote:
> > Amos Shapira wrote:
> >> There is an iptables geoip module to allow you to specify countries. I
> >> never used it thought.
> >
> > I love linux, been using it for about 14 years but a good firewall it
> > does not make..
> >
> > http://www.openbsd.org/faq/pf/tables.html
> >
> > "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups
> > against a table are very fast and consume less memory and processor time
> > than lists. For this reason, a table is ideal for holding a large group
> of
> > addresses as the lookup time on a table holding 50,000 addresses is only
> > slightly more than for one holding 50 addresses
> > [..]
> > Tables can also be populated from text files containing a list of IP
> > addresses and networks:
> >
> > table <spammers> persist file "/etc/spammers"
> >
> > block in on fxp0 from <spammers> to any
> > [..]
> > Tables can be manipulated on the fly by using pfctl(8). For instance, to
> add
> > entries to the <spammers> table created above:
> >
> > # pfctl -t spammers -T add 218.70.0.0/16"
> >
> > --
> >
> > Myself I'd be interested in seeing a iptables system running
> > with 50,000 rules for matching against.
> >
> >
> > nate
> >
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> That's why i was recommending ipset earlier.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
http://www.goldwatches.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20091014/8e9ba989/attachment.html>
More information about the CentOS
mailing list