On 5/11/2011 2:08 PM, Robert Spangler wrote:
> On Wednesday 11 May 2011 12:58, the following was written:
>
>> I'm running fail2ban on my centos machine. It's handling sshd and
>> postfix, and is working quite well. From the reports I'm seeing all
>> the attempts are from a certain registrar's region, I won't name it,
>> and was wondering instead of blocking individual ip's if there was a
>> way I could block with iptables the complete region of ip's. I realize
>> this will cut off a good majority of the world, but this is something
>> I'm still curious about?
>
> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP
>
> Replace the x's with the start of the ip address range you want to block and
> also make sure you are using the correct bit mask for that range. If the
> interface is something other than eth0 then you will need to replace that too
> with the correct interface. The '-I' will place this rule as the very first
> rule in the chain. If you are using a passthrough box then replace INPUT
> with FORWARD.
>
>> With regards blocking ip's and fail2ban, which method is better in
>> terms of system resources, blocking via iptables as in the case of
>> sshd or blocking via hosts.deny as in the case of postfix?
>
> I don't know the answer to this. I prefer IPTABLES.
>

More efficient using iptables to stop it before it's processed in the case of mail. Also, look at "Spamdyke" as an alternative to stop senders, RDNS or ip blacklisting.

Dave

--
David Milholen
Project Engineer
P:501-318-1300
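Robert's rule only does what is intended if the address really is the start of the range and the prefix length is right; a `-s 203.0.113.5/24` is silently normalised by iptables, and a typo in the mask can drop far more (or less) than planned. The following script is an added example, not code from this thread or from the fail2ban/iptables projects: it validates each IPv4 network/prefix pair and prints the `iptables -I <chain> -i <iface> -s <cidr> -j DROP` command rather than running it, so the rules can be reviewed before being applied. The interface name, chain and sample CIDR list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): check a CIDR block and build
# the iptables DROP rule suggested in the thread as a dry run. IPv4 only.

# ip_to_int: print a dotted quad as a 32-bit integer; return 1 if malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty octets, non-digits and leading zeros (octal ambiguity)
        case $o in ''|*[!0-9]*|0[0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# validate_cidr: accept only a.b.c.d/n with n in 0..32 whose host bits are all
# zero, i.e. a.b.c.d is the network address for that mask.
validate_cidr() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || return 1              # no slash at all
    case $bits in ''|*[!0-9]*) return 1;; esac
    [ "$bits" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( n & ~mask & 0xFFFFFFFF )) -eq 0 ] || return 1
}

# build_drop_rule IFACE CHAIN CIDR: print the rule, or return 1 if the chain
# is not INPUT/FORWARD (the two the thread mentions) or the CIDR is invalid.
build_drop_rule() {
    iface=$1; chain=$2; cidr=$3
    case $chain in INPUT|FORWARD) ;; *) return 1;; esac
    validate_cidr "$cidr" || return 1
    echo "iptables -I $chain -i $iface -s $cidr -j DROP"
}

# Constructed sample input (documentation ranges): one good block, one whose
# host bits are set, one with an impossible prefix length.
for cidr in 203.0.113.0/24 198.51.100.5/24 192.0.2.0/33; do
    if rule=$(build_drop_rule eth0 INPUT "$cidr"); then
        echo "$rule"
    else
        echo "skipping $cidr: not a valid network/prefix" >&2
    fi
done
```

Pipe the printed lines to `sh` once they look right; on a box that forwards traffic, pass `FORWARD` instead of `INPUT`, as the thread notes. Because `-I` puts each rule at the top of the chain, the last block listed ends up being checked first, which is harmless for plain DROP rules but worth knowing if any ACCEPT exceptions are inserted the same way.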