The best way to do it is with iptables. If you want something "more easily configurable" then some front end for it would be most useful. Webmin most likely provides a graphical interface to do it. Adding rules to drop traffic from IPs or whole subnets is not that difficult if you have a basic understand of IPv4 networking. There are some well documented examples on this page (including one to do what you're after): http://www.dd-wrt.com/wiki/index.php/Iptables_command#Examples Regards, Oliver On 12/10/2009, at 9:52 AM, mark wrote: > Toby Bluhm wrote: >> Toby Bluhm wrote: >>> Niki Kovacs wrote: >>>> >>>> I just set up a web server... and my bandwidth is being eaten by >>>> some >>>> chinese folks trying to brute-force-ssh their way into the machine. >>>> >>>> Is there a simple way to banish either single IP addresses or, >>>> maybe >>>> even better, whole IP classes ? I know it's feasible with >>>> iptables, but >>>> is there something more easily configurable ? > <snip> > Let me note that at work, the security group has a script set up > that does it > automagically, after so many attempts. > > And every morning or two in the logs, I see attacks from China, or > Mexico, or > Spain, or Taiwan... but then, we are a well-known site. > > mark, supporting the NIH > > -- > "The Pluto Files", Neil Degrasse Tyson. > Pluto shall rise again! - whitroth > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos