Re: Apache Changing IPtables C 5.6 via Apache




On Sun, Aug 21, 2011 at 03:07:51PM +0100, Always Learning wrote:
> I could probably achieve this by having two temporary tables (for
> blocked IP addresses) and after a week or two delete the contents of one
> table and then at another interval delete the contents of the second
> table. This would provide a useful overlap and ensure an IP blocked
> today is not 'freed' tomorrow when a temporary table's contents are
> deleted.

What I do (for SMTP) is nightly check the rules for those that don't
have any packets associated with them, delete those, then reset the
count on the remainder.  This means that entries stay in the firewall
while they're still making attempts, but get removed a day after they've
stopped.

Code extracts:

#!/bin/sh
# Not shown in the extract: $n is assumed to be "n" (numeric listing, -vn,
# which prints dpt:25) or empty (which prints dpt:smtp). Both are matched.
n=n

# List INPUT rules for port 25 as "Rule=<num> Count=<pkts> source=<addr>".
# An optional argument (e.g. -Z) is passed straight through to iptables.
getlist()
{
  /sbin/iptables --line-numbers -L INPUT -v$n $1 | awk '/dpt:25|dpt:smtp/ {printf("Rule=%d Count=%d source=%s\n", $1,$2,$9)}'
}

# Keep only rules with a zero packet count, highest rule number first (tac),
# so each -D does not renumber the rules still waiting to be deleted.
lst=$(getlist | /usr/bin/tac | sed -n 's/^Rule=\(.* Count=0\)/\1/p')

if [ -n "$lst" ]
then
  echo "$lst" | while read rule details
  do
    /sbin/iptables -D INPUT $rule
    echo Clearing Rule=$rule $details
  done
else
  echo No Rules to clear
fi

# List once more with -Z so the packet counters start from zero for the
# next night's check.
getlist -Z

-- 

rgds
Stephen
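The nightly prune described above, as an added example that is not part of the original post: a dry-run version that reads an "iptables --line-numbers -L INPUT -v -n" listing from stdin (a constructed sample is embedded, not real firewall output) and prints the delete commands highest rule number first, so the remaining rule numbers stay valid while deleting.

```shell
#!/bin/sh
# Added example, not the original poster's script. It never calls iptables;
# the listing is supplied on stdin so it can be checked offline.

# Emit "rule pkts source" for port-25 rules whose packet counter is zero,
# highest rule number first. Deleting in that order keeps the numbers of
# the remaining rules stable, which a forward pass with -D would not.
stale_smtp_rules() {
  awk '/dpt:25|dpt:smtp/ && $2 == 0 { print $1, $2, $9 }' | sort -rn
}

# Constructed sample listing (RFC 5737 documentation addresses, not captured data).
SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 DROP       tcp  --  *      *       192.0.2.10           0.0.0.0/0            tcp dpt:25
2        0     0 DROP       tcp  --  *      *       192.0.2.11           0.0.0.0/0            tcp dpt:25
3        0     0 DROP       tcp  --  *      *       198.51.100.7         0.0.0.0/0            tcp dpt:22
4        0     0 DROP       tcp  --  *      *       203.0.113.5          0.0.0.0/0            tcp dpt:25'

# Print the command the nightly job would run for each stale rule.
# Rule 1 is kept (still hitting), rule 3 is ignored (not port 25).
plan_deletions() {
  printf '%s\n' "$SAMPLE" | stale_smtp_rules | while read -r rule pkts src; do
    echo "/sbin/iptables -D INPUT $rule   # $src, $pkts packets since last reset"
  done
}

plan_deletions
```

Replace the embedded sample with the live listing (and the echo with the real -D call) to turn this into the prune step; the counter reset with -Z is unchanged from the post.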
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

