On Wednesday 26 November 2003 10:41 pm, zynkx wrote:
> antony:
>
> the only reason why i am doing this is because i am
> blocking all incoming connectios to my box except
> portuguese connections. i manage to get all the
> portuguese ip ranges, put the forward chain to drop
> and a accepted all the sources i want to get
> connections from. this way i will only be accepting
> connetions from portugal, since that the ammount of
> users i administrate is not enough for that machine to
> be opened to the whole world.
Explain to me why you only want to allow connections from Portuguese IPs?
What is the problem with "that machine being opened to the world"?
1. What services are you providing anyway?
2. What is the limiting factor in not wanting just anyone from anywhere to be
able to connect? Is the machine severely under-powered, so it couldn't cope
with the load, or do you have a very slow Internet link, and you don't want
it saturated...?
Maybe you know what you're doing and blocking by country IP range is the right
solution to your problem, but where email is concerned I would never choose
that way of doing it.
Antony.
--
If builders made buildings the way programmers write programs, then the first
woodpecker to come along would destroy civilisation.
Please reply to the list;
please don't CC me.
