On Wed, 3 Sep 2003, David Hart wrote:

> I've about had it with attacks to our web server emanating from certain
> geographical areas. This is not a display of Xenophobia. I have never
> really used IPT.
>
> It takes about 4,000 lines for Korea and China alone and that's with
> CIDR formatting.

You could shrink it a bit...

202.80.0.0/12
202.96.0.0/11
202.128.0.0/14
218.1.1.1/8
219.80.14.1/16
219.81.0.0/16
61.231.0.0/16
203.220.16.82/29
218.0.0.0/8
61.30.0.0/16
168.95.0.0/16
218.80.1.1/15
218.78.1.1/15
61.166.0.0/16
61.11.0.0/16
218.24.0.0/15
219.140.0.0/16
219.138.0.0/15
61.207.0.0/16
202.96.1.1/14
202.92.1.1/14
203.9.58.128/25
211.64.0.0/10
211.45.0.0/12
211.129.0.0/9
211.49.0.0/12
211.20.0.0/14
211.1.0.0/12

This got rid of most of the problem for us; your mileage will probably vary though...

> "/sbin/iptables -A INPUT -s 61.32.0.0/16 -j REJECT"

Why double the load by sending them a packet back? Just drop them totally without a reply: replace -j REJECT with -j DROP. But adding the IPs to your border router would be a better idea; our spam and attempted relays died off by 95% with all those IPs in the router ACL.

> What is the most efficient means of logging matches? I suppose that I

My god! Why do you want to do this? Seriously, you are asking for trouble: your logs will grow so big so fast it will defeat the purpose. Don't log 'em, just nuke 'em.

> --

Res - Network Solutions: clueless f'wits who don't care whose business they damage through their incompetence, which is the ONLY thing they excel at.

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
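The two points in the reply above (use -j DROP rather than -j REJECT, and keep the rule set manageable) can be turned into a small generator script. The following is an added example written for this page; it is not code from the thread or from either poster. It reads a CIDR list on stdin and prints the iptables commands that install it, so the output can be reviewed before being piped to `sh` as root. The chain names GEOBLOCK and GEOBLOCK_DROP, the LOGRATE variable and the sample entries are assumptions made for the example; the /sbin/iptables path is the one quoted in the thread. It also shows the one form of logging that does not blow up the logs: a single rate-limited LOG rule shared by every network, which bounds the log volume no matter how many entries match.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a dedicated iptables chain
# from a CIDR list, using -j DROP (no reply packet) as recommended above.
# Commands are printed rather than executed, so they can be reviewed first
# and then applied as root with:   gen_blocklist_rules < blocklist.txt | sh
# Chain names GEOBLOCK / GEOBLOCK_DROP are names chosen for this example.

IPT=/sbin/iptables        # path taken from the rule quoted in the thread
CHAIN=GEOBLOCK            # one match rule per network
DROPCHAIN=GEOBLOCK_DROP   # single shared (optional LOG) + DROP target
LOGRATE=${LOGRATE:-}      # e.g. LOGRATE=5/min for a bounded log; empty = no logging

# gen_blocklist_rules: read CIDRs on stdin (one per line; blank lines and
# '#' comments ignored) and print the iptables commands that install them.
gen_blocklist_rules() {
    n=0
    # Target chain: at most one rate-limited LOG rule, then DROP. One limit
    # bucket for the whole list caps the log rate regardless of list size.
    echo "$IPT -N $DROPCHAIN 2>/dev/null"
    echo "$IPT -F $DROPCHAIN"
    if [ -n "$LOGRATE" ]; then
        echo "$IPT -A $DROPCHAIN -m limit --limit $LOGRATE --limit-burst 10 -j LOG --log-prefix \"$CHAIN: \""
    fi
    echo "$IPT -A $DROPCHAIN -j DROP"

    # Match chain: created and flushed so re-running the script is idempotent.
    echo "$IPT -N $CHAIN 2>/dev/null"
    echo "$IPT -F $CHAIN"

    while read -r cidr; do
        # Skip blank lines and comments.
        case $cidr in ''|'#'*) continue ;; esac
        # Loose sanity check: dotted quad with an optional /prefix.
        if ! echo "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            echo "skipping malformed entry: $cidr" >&2
            continue
        fi
        prefix=${cidr#*/}
        if [ "$prefix" != "$cidr" ] && [ "$prefix" -gt 32 ]; then
            echo "skipping bad prefix length: $cidr" >&2
            continue
        fi
        # iptables masks host bits itself (218.1.1.1/8 is installed as
        # 218.0.0.0/8), so entries written that way still work.
        echo "$IPT -A $CHAIN -s $cidr -j $DROPCHAIN"
        n=$((n + 1))
    done

    # Hook the chain in at the top of INPUT so it is consulted first.
    echo "$IPT -I INPUT 1 -j $CHAIN"
    echo "generated $n network rules" >&2
}

# Stand-alone demo on a constructed list (entries are made up for the example).
printf '%s\n' '# constructed sample' '202.80.0.0/12' '218.1.1.1/8' 'bogus/99' | gen_blocklist_rules
```

Keeping the per-network rules in their own chain keeps INPUT readable and lets the whole list be replaced with one flush; the DROP target chain is where a LOG rule goes if one is wanted at all. If the box also forwards traffic, the same chain can be hooked into FORWARD with a second `-I` line.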