Re: Alternate Solution to Iptables???
From: William Park (opengeometry_at_yahoo.ca)
Date: 12/31/03
- Next message: Joe: "Re: Port 135 Probes Continue"
- Previous message: Newsbox: "Re: OT udp port 138 BROWSER traffic"
- In reply to: Jim G.: "Alternate Solution to Iptables???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Dec 2003 23:06:59 GMT
Jim G. <jgrago@remove-nospam.twcny.rr.com> wrote:
> I do a lot of IP blocks in my business, my iptables has over 800 IPs
> that are being blocked because of users committing fraudulent
> activities. Is there an alternate solution that I can use rather than
> having so many IPs listed in my iptables. Do you know if I can
> achieve the same results of an iptables DROP with entering IPs in the
> hosts.deny file?
There is nothing you can do about packets arriving at your "door".
Packets arrive because someone sent them. /etc/hosts.deny is for
programs using TCP wrapper (i.e. sendmail, inetd, ...). iptables will
drop packets faster and with fewer resources than applications, though.
>
> Also I will need to block certain countries as well, for example the
> Philippines, any idea on how to do this too? Running 3 Fedora Core
> Apache servers (load balanced) and a MySQL server.
The main problem with blocking by country is that they don't use a few big IP
ranges, but rather lots of small IP ranges, too many to count.
Probably to prevent what you are trying to do. :-)
But, for APNIC, look up
http://www.apnic.net/
for IP allocation. I use
60-61. 202-203. 210-211. 218-222.
or 60/7, 202/7, 210/7, 218/7, 220/7, 222/8
-- William Park, Open Geometry Consulting, <opengeometry@yahoo.ca> Linux solution for data management and processing.
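
Added example, not part of the original message: a Python sketch that turns the first-octet ranges quoted above into minimal CIDR blocks, merges a long per-host block list into the fewest covering networks, and prints iptables-restore input for one dedicated chain. The chain name BLOCKLIST and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# First-octet ranges exactly as listed in the message above.
APNIC_OCTET_RANGES = [(60, 61), (202, 203), (210, 211), (218, 222)]

# Constructed sample input (RFC 5737 documentation addresses, not real hosts).
SAMPLE_HOSTS = [
    "198.51.100.4", "198.51.100.5", "198.51.100.6", "198.51.100.7",
    "192.0.2.0/25", "192.0.2.128/25", "192.0.2.77",
]


def octet_ranges_to_cidrs(ranges):
    """Turn inclusive first-octet ranges into the minimal list of CIDR blocks."""
    nets = []
    for lo, hi in ranges:
        first = ipaddress.IPv4Address(f"{lo}.0.0.0")
        last = ipaddress.IPv4Address(f"{hi}.255.255.255")
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets


def collapse_blocklist(entries):
    """Merge hosts and networks; entries covered by a wider block disappear."""
    nets = [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]
    return list(ipaddress.collapse_addresses(nets))


def render_restore(nets, chain="BLOCKLIST"):
    """Emit iptables-restore input filling one user-defined chain with DROPs.

    Hooking the chain into INPUT is left to the administrator.
    """
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {net} -j DROP" for net in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    wide = [str(n) for n in octet_ranges_to_cidrs(APNIC_OCTET_RANGES)]
    print(render_restore(collapse_blocklist(SAMPLE_HOSTS + wide)), end="")
```
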