[CentOS] iptables to block region-specific ip's?

David Mehler

dave.mehler at gmail.com
Wed May 11 16:58:59 UTC 2011


Hello,
I'm running fail2ban on my centos machine. It's handling sshd and
postfix, and is working quite well. From the reports I'm seeing all
the atempts are from a certain registrar's region, I won't name it,
and was wondering instead of blocking individual ip's if there was a
way I could block with iptables the complete region of ip's. I realize
this will cut off a good majority of the world, but this is something
i'm still curious about?

With regards blocking ip's and fail2ban, which method is better in
terms of system resources, blocking via iptables as in the case of
sshd or blocking via hosts.deny as in the case of postfix?

Thanks.
Dave.



More information about the CentOS mailing list