[wellylug] Blocking bad IPs from server
scott at slackisland.org
Fri Jan 26 15:33:01 NZDT 2007
Hi everyone,
I have a quick question about this:
> Quoting John Durham <johndurh at spunge.org>:
> for i in `cat /path/to/badips.txt`; do iptables -A INPUT -s $i -j DROP;
> done
is this going to be OK if you have, say, 2539 bad IPs? I've been running
SSH on a nonstandard port and use knockd to open that ssh port up, so
every attempted connection to the standard ssh port I've considered
malicious. Doing this:
tac /var/log/ulogd/ulogd.syslogemu | grep 'DPT=22' | awk '{print $9}' |
sort | uniq | cut -c 5-19 > /var/log/sshattemptssorted.txt
gives me a full list of IP addresses that have hit my SSH port, so I was
thinking of using blacklists in shorewall firewall to permanently drop
these IPs. However that requires a kernel recompile and I haven't had time
to get around to that yet, so I'm wondering if it's feasible to add so
many IPs to iptables. Wouldn't this have a performance impact?
Cheers,
Scott still in Tokyo
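The pipeline and the bulk-load loop discussed above, as an added example that is not from the post or from the quoted reply. It assumes the ulogd syslog-emulation format puts the source address in a `SRC=` token and the destination port in a `DPT=` token (so it matches those tokens by name instead of relying on the ninth whitespace field), validates each address as a dotted quad before it reaches the firewall, and writes an iptables-restore fragment for a dedicated chain (here named `BADIPS`, a name chosen for the example) rather than appending thousands of rules to INPUT one `iptables` call at a time. The log lines are constructed; nothing is applied to a live firewall.

```shell
#!/bin/sh
# Added example (not Scott's or John's code). Turns ulogd-style log lines into
# a deduplicated, validated list of addresses that hit port 22, then renders
# that list as iptables-restore input so the whole block list loads in one
# atomic call instead of one iptables invocation per address.

# Constructed sample log lines in the shape of ulogd's syslog emulation:
# one repeat offender, one port-80 hit, one hit on 2222 (must not match), one more on 22.
SAMPLE_LOG='Jan 26 15:01:02 gw IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51234 DPT=22 SYN
Jan 26 15:01:09 gw IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51235 DPT=22 SYN
Jan 26 15:02:30 gw IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=80 SYN
Jan 26 15:03:11 gw IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.2 PROTO=TCP SPT=33333 DPT=2222 SYN
Jan 26 15:04:45 gw IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.2 PROTO=TCP SPT=22222 DPT=22 SYN'

# Read log lines on stdin; print each unique source address whose packet was
# addressed to TCP port 22. Tokens are matched by name, so the field position
# of SRC= does not matter, and "DPT=22" is compared exactly so 2222 is ignored.
extract_ssh_sources() {
    awk '{
        src = ""; ssh = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "DPT=22") ssh = 1
            else if ($i ~ /^SRC=/) src = substr($i, 5)
        }
        if (ssh && src != "") print src
    }' |
    grep -Ex '([0-9]{1,3}\.){3}[0-9]{1,3}' |   # keep only dotted quads; drops junk before it reaches iptables
    sort -u
}

# Read an address list on stdin; write an iptables-restore fragment that
# (re)creates the BADIPS chain with one DROP rule per address and hooks it
# into INPUT. Load with: iptables-restore --noflush < fragment
# (--noflush so the rest of the filter table is left alone).
make_restore_fragment() {
    printf '*filter\n:BADIPS - [0:0]\n'
    while read -r ip; do
        printf -- '-A BADIPS -s %s -j DROP\n' "$ip"
    done
    printf -- '-A INPUT -j BADIPS\nCOMMIT\n'
}

# Stand-alone run: print the fragment that would be fed to iptables-restore.
printf '%s\n' "$SAMPLE_LOG" | extract_ssh_sources | make_restore_fragment
```

Two notes on the design. First, a packet still walks the `BADIPS` chain linearly, so with a few thousand rules every inbound packet pays for a few thousand comparisons; the chain buys atomic reloads and a readable INPUT chain, not speed. For large lists the usual answer on a 2.6 kernel is `ipset` (a `hash:ip` set plus a single `-m set --match-set` rule), which is a different tool than the post uses and is mentioned here only as the alternative to check. Second, `-A INPUT -j BADIPS` is appended on every reload, so either include it in a full ruleset restore or add that one jump rule once by hand.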