Re: (no subject)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 26 November 2003 10:41 pm, zynkx wrote:

> antony:
>
> the only reason why i am doing this is because i am
> blocking all incoming connectios to my box except
> portuguese connections. i manage to get all the
> portuguese ip ranges, put the forward chain to drop
> and a accepted all the sources i want to get
> connections from. this way i will only be accepting
> connetions from portugal, since that the ammount of
> users i administrate is not enough for that machine to
> be opened to the whole world.

Explain to me why you only want to allow connections from Portuguese IPs?

What is the problem with "that machine being opened to the world"?

1. What services are you providing anyway?

2. What is the limiting factor in not wanting just anyone from anywhere to be 
able to connect?   Is the machine severely under-powered, so it couldn't cope 
with the load, or do you have a very slow Internet link, and you don't want 
it saturated...?

Maybe you know what you're doing and blocking by country IP range is the right 
solution to your problem, but where email is concerned I would never choose 
that way of doing it.

Antony.

-- 
If builders made buildings the way programmers write programs, then the first 
woodpecker to come along would destroy civilisation.

                                                     Please reply to the list;
                                                           please don't CC me.



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux