[CentOS] iptables to block region-specific ip's?
Ljubomir Ljubojevic
office at plnet.rs
Wed May 11 19:48:04 UTC 2011
Robert Spangler wrote:
> On Wednesday 11 May 2011 12:58, the following was written:
> >> the attempts are from a certain registrar's region, I won't name it,
>
> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP

I do not consider a /24 subnet a "region subnet". You would need to use
something like sophisticated reverse DNS to resolve the IP of the connection,
and that would take time, not to mention problems with false positives
and .com, etc. The only way would be if you knew the physical locations of
the respective subnets.

I use denyhosts, which regularly pools new offenders' IPs from protected
systems all around the world. On my 3 servers, in the last 5 months, I had
only 114 e-mail reports of an ssh attempt. denyhosts uses hosts.deny,
and currently I have ~7000 IPs from there that are automatically blocked.
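
Added example, not part of the original message: when the subnets for a region are known, they can be loaded into one ipset and matched by a single iptables rule instead of one `-s x.x.x.x/24` rule per block. The set name, the helper function names and the sample ranges (RFC 5737 documentation networks) are assumptions, and the script assumes ipset is installed and that you supply the real subnet list from a source you trust.

```shell
#!/bin/sh
# Added example: turn a list of CIDR blocks into `ipset restore` input.
SET_NAME="blocked_region"   # assumed set name

# Constructed sample list (RFC 5737 documentation ranges plus two bad lines).
sample_region_blocks() {
    cat <<'EOF'
# constructed sample, replace with the real subnet list
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24   # trailing comment
not-a-cidr
10.0.0.0/33
EOF
}

# Reads CIDR blocks on stdin, one per line ('#' comments allowed), and prints
# ipset restore commands on stdout. Malformed entries go to stderr and are
# skipped. The check is syntactic only: it does not reject octets above 255.
build_ipset_restore() {
    echo "create $SET_NAME hash:net family inet"
    while IFS= read -r line; do
        # Drop comments and all whitespace.
        cidr=$(printf '%s' "$line" | sed -e 's/#.*//' -e 's/[[:space:]]//g')
        if [ -z "$cidr" ]; then
            continue
        fi
        if printf '%s' "$cidr" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
            echo "add $SET_NAME $cidr"
        else
            echo "skipping malformed entry: $cidr" >&2
        fi
    done
}

# Show the generated restore input for the constructed sample.
sample_region_blocks | build_ipset_restore

# To apply it (as root), pipe the output into ipset and add one rule:
#   sample_region_blocks | build_ipset_restore | ipset restore -exist
#   iptables -I INPUT -i eth0 -m set --match-set blocked_region src -j DROP
```

Review the skipped entries on stderr before loading the set, since a silently dropped block leaves part of the range unfiltered.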