[Novalug] What's a good way to block a bunch of IP's?
Dan Lavu
dan@lavu.net
Mon Jul 30 00:40:18 EDT 2012
Load the ipt_recent module and you can do it in iptables.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 300 --hitcount 10 -j DROP
----- Original Message -----
From: "Jon LaBadie" <novalugml@jgcomp.com>
To: novalug@calypso.tux.org
Sent: Monday, July 30, 2012 12:34:53 AM
Subject: Re: [Novalug] What's a good way to block a bunch of IP's?
On Mon, Jul 30, 2012 at 12:08:38AM -0400, Clif Flynt wrote:
> When I was being ddos'ed with dictionary ssh attacks I put together a
> script that would watch /var/log for repeated ssh failures and
> automatically added them to the iptables with
>
> /sbin/iptables -D INPUT -j DROP -i ppp0 -s $ip
>
> My script logged the times of addition and removed the address
> from iptables a few hours later.
>
> I wrote my script in Tcl, but a perl or python or bash script
> wouldn't be much tougher.
>
The denyhosts package might be suitable here.
jl
--
Jon H. LaBadie novalugml@jgcomp.com
11226 South Shore Rd (703) 787-0688 (H)
Reston, VA 20190 (609) 477-8330 (C)
_______________________________________________
Novalug mailing list
Novalug@calypso.tux.org
http://calypso.tux.org/mailman/listinfo/novalug
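
Added example, not part of the original thread: a dry run in Python of the log-watching approach Clif Flynt describes (his script was Tcl and is not shown). The 300-second / 10-failure threshold is borrowed from the recent-module rules at the top of the message; the three-hour ban, the sshd log line format and all function names are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Anchored at end of line: take the address sshd appended, not text inside the username.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
WINDOW = timedelta(seconds=300)  # mirrors --seconds 300
THRESHOLD = 10                   # mirrors --hitcount 10
BAN_FOR = timedelta(hours=3)     # "a few hours"; exact value is an assumption

def parse_failure(line, year=2012):
    """Return (timestamp, ipv4 string) for a failed-password line, else None."""
    m = FAILED.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))  # reject anything but a literal IPv4
    except ValueError:
        return None
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"), str(ip)

def rule(action, ip, iface):
    # argv list, never a shell string: log-derived text must not reach a shell
    return ["/sbin/iptables", action, "INPUT", "-i", iface, "-s", ip, "-j", "DROP"]

def plan(lines, iface="ppp0"):
    """Dry run: return the iptables argv lists a watcher would execute, in order."""
    recent, banned_until, cmds = {}, {}, []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        now, ip = hit
        for old in [a for a, t in banned_until.items() if t <= now]:
            cmds.append(rule("-D", old, iface))  # ban expired: delete the rule
            del banned_until[old]
        if ip in banned_until:
            continue
        recent[ip] = [t for t in recent.get(ip, []) if now - t <= WINDOW] + [now]
        if len(recent[ip]) >= THRESHOLD:
            cmds.append(rule("-I", ip, iface))   # insert at the top of INPUT
            banned_until[ip] = now + BAN_FOR
    return cmds

# Constructed sample log: 10 quick failures, 2 from another host, 1 four hours later.
LOG = "Jul 30 {} host sshd[4242]: Failed password for invalid user {} from {} port 50000 ssh2"
SAMPLE = [LOG.format(f"00:40:{s:02d}", "admin", "203.0.113.5") for s in range(10)]
SAMPLE += [LOG.format("00:41:00", "root", "198.51.100.7")] * 2
SAMPLE += [LOG.format("04:41:00", "root", "198.51.100.7")]
```

Expiry here is checked only when the next failure line arrives; a long-running watcher would sweep on a timer instead.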