[wellylug] Blocking bad IPs from server
scott at slackisland.org
Fri Jan 26 19:07:33 NZDT 2007
Hi,
> I'm curious: which kernel version are you using, and how will
> blacklisting require a recompile? I don't use/know shorewall,
The server is running:
2.6.9-42.0.3.plus.c4smp #1 SMP Fri Oct 6 11:42:04 CDT 2006 x86_64 x86_64
x86_64 GNU/Linux
but I think I'll have to roll back to a stock kernel and then compile
again so that I can patch it with ipsets:
http://ipset.netfilter.org/
Without all the source headers etc, it's tough to patch the kernel.
Anyway, with ipsets, shorewall can set up a blacklist that has thousands of
IPs without any significant performance hit. Shorewall is basically just
an iptables management client, very easy to configure and maintain, setting
up NATs/IPMASQ is a snap. Check it out:
http://shorewall.net
Cheers,
Scott VanDusen
Tokyo
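
Added example, not part of the original post: a sketch of the ipset approach described above, turning a text list of addresses into `ipset restore` input for one hash-backed set that a single iptables rule matches. It uses current ipset syntax (`hash:ip`); the set name `blacklist`, the function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Build "ipset restore" input from a list of IPv4 addresses on stdin.
# $1 = set name (hypothetical: "blacklist"). Comments, blank lines,
# duplicates and malformed addresses are dropped; rejects go to stderr.
build_ipset_restore() {
    awk -v name="$1" '
        BEGIN { print "create " name " hash:ip family inet maxelem 65536" }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments and whitespace
        $0 == "" { next }
        {
            n = split($0, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)
                # decimal octet, no leading zeros (avoids octal ambiguity), 0-255
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { print "skipped: " $0 > "/dev/stderr"; next }
            if (!($0 in seen)) { seen[$0] = 1; print "add " name " " $0 }
        }
    '
}

# Constructed sample list (RFC 5737 documentation ranges, not real offenders).
sample_list() {
    cat <<'EOF'
# one address per line, comments allowed
192.0.2.10
198.51.100.7   # repeat offender
192.0.2.10
203.0.113.300
not-an-ip
203.0.113.5
EOF
}

# Print the restore file for the sample list.
sample_list | build_ipset_restore blacklist

# To apply on a host with ipset and iptables installed (root required):
#   sample_list | build_ipset_restore blacklist | ipset -exist restore
#   iptables -I INPUT -m set --match-set blacklist src -j DROP
# The single rule stays in place; later changes only add or delete set members.
```

The packet path does one hash lookup against the set regardless of how many addresses it holds, which is why the list can grow to thousands of entries without a matching growth in rules.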