* Arnt Karlsen (arnt@xxxxxxx) wrote:
> On Tue, 1 Apr 2003 15:06:52 -0500,
> Stephen Frost <sfrost@xxxxxxxxxxx> wrote in message
> <20030401200652.GY18434@xxxxxxxxxxxxxx>:
> > # Bad guy detected! Add his IP to the badguy list!
> > iptables -A BADCHAIN -m recent --set --name badguy -j DROP # Add IP to list
>
> ..this also shoots down the good guys with servers on dynamic dns,
> using an old recycled-by-the-isp bad guy's ip.

That's why there's a time limit to it. Chances are pretty bad you're going to have a good guy getting the bad guy's ip within 60 seconds, and worse that they're both going to try and go to the given site.

Additionally, there's an option to require a TTL match for those who are really concerned about it, to make it even less likely to be an issue (and for cases where the bad guy likes to spoof his IPs, though do realize that if the bad guy spoofs google's IP address it's not a big deal, because we use this state-based firewalling thing and the recent module should be used to filter inbound NEW packets, not ones already set up, so outbound connections to google wouldn't be affected).

And, of course, you can always also create 'whitelists' in addition to the 'blacklists' in situations where you have friends who like to mess with other friends (my friends are great sometimes..; of course, it's my fault for making them listen to me babble on about my wonderful ipt_recent kernel module ;) ).

Stephen
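The three points in the reply (a time limit on the blacklist entry, an optional TTL match, and applying the recent check only to inbound NEW packets behind a whitelist) fit together in one ruleset. The script below is an added example, not part of the original thread or of the ipt_recent module itself: it emits an iptables-restore style ruleset so it can be reviewed before loading. The trigger for BADCHAIN (a connection attempt to TCP port 23, which this host does not serve), the whitelisted address 192.0.2.10 and the 60-second window are constructed assumptions; the `--seconds`, `--rttl`, `--rcheck` and `--set` options are the real recent-module options.

```shell
#!/bin/sh
# Added example: a recent-module blacklist with a time limit, a TTL match
# and a whitelist, applied to inbound NEW packets only. Prints the ruleset;
# pipe it into `iptables-restore` (as root) to load it.

# recent_ruleset [seconds] [whitelist_ip]
#   seconds      how long a flagged source stays blocked (assumed 60)
#   whitelist_ip a source that is never blacklisted (constructed: 192.0.2.10)
recent_ruleset() {
    SECS="${1:-60}"
    GOOD="${2:-192.0.2.10}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RECENTCHECK - [0:0]
:BADCHAIN - [0:0]
# Packets of connections that are already set up never reach the recent
# match, so a flagged (or spoofed) address cannot break outbound sessions.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only NEW inbound packets are checked against the blacklist.
-A INPUT -m conntrack --ctstate NEW -j RECENTCHECK
# Whitelist: return before the blacklist check is consulted.
-A RECENTCHECK -s ${GOOD} -j RETURN
# Blacklist: drop if the source was flagged within the last ${SECS} s and
# the packet's TTL equals the TTL of the packet that flagged it (--rttl).
-A RECENTCHECK -m recent --rcheck --seconds ${SECS} --rttl --name badguy -j DROP
# Constructed tripwire: a NEW connection to a port we do not serve flags
# the source. Replace with whatever condition identifies a bad guy.
-A INPUT -p tcp --dport 23 -m conntrack --ctstate NEW -j BADCHAIN
# Services actually offered.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Bad guy detected: record the source (and its TTL) and drop the packet.
-A BADCHAIN -m recent --set --name badguy -j DROP
COMMIT
EOF
}

# ruleset_order_ok: succeed only if the ESTABLISHED,RELATED accept comes
# before the recent check, i.e. the blacklist can only see NEW packets.
ruleset_order_ok() {
    est=$(recent_ruleset | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1 | head -n1)
    rec=$(recent_ruleset | grep -n -- '--rcheck' | cut -d: -f1 | head -n1)
    [ -n "$est" ] && [ -n "$rec" ] && [ "$est" -lt "$rec" ]
}

# Print the ruleset when run directly.
recent_ruleset "$@"
```

Once loaded, the kernel exposes the flagged addresses (with the TTL recorded for each) under /proc/net/xt_recent/badguy, which is the place to look when a legitimate host on a recycled dynamic address reports being dropped; an entry expires from the match's point of view after the `--seconds` window, and `--rttl` means a later packet from the same address with a different TTL is not matched at all.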