On Fri, Oct 9, 2009 at 7:35 PM, Niki Kovacs <contact at kikinovak.net> wrote: > Hi, > > I just set up a web server... and my bandwidth is being eaten by some > chinese folks trying to brute-force-ssh their way into the machine. > > Is there a simple way to banish either single IP addresses or, maybe > even better, whole IP classes ? I know it's feasible with iptables, but > is there something more easily configurable ? > > Cheers, > > Niki > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > The best way is iptables. If you know you dont/wont have any relations within China/Taiwan/etc you could ban whole subnets. It would help to use ipset in conjunction with iptables, just for optimisation's sake :)