howard chen wrote:
My server is sometimes under DDoS attack, so I want to make a
simple script which reads the log (Apache access log), does the analysis,
and sets a rule to drop the packets from a specific IP.
Since it is DDoS, I assume there will be a large number of unique IPs
that need to be entered into iptables.
I want to know, are there any hidden efficiency problems in this setup?
Or any better method?
Howard.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Haven't we had this discussion several times in the very recent past?
See the archives.
Hint: if the list is really large use ipsets.
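Putting the list's hint into practice, as an added example that is not from either poster: a Python sketch that counts requests per client IP in Apache combined-format log lines (constructed samples) and emits ipset/iptables commands, so every offender is matched by one hash-lookup set behind a single iptables rule rather than by one rule per IP that the kernel must walk linearly. The set name ddos_block and the request threshold are assumptions.

```python
import re
from collections import Counter

# Apache "combined" format: the client IP is the first field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

# Constructed sample log lines, not real traffic (one line is malformed).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 200 2048
192.0.2.200 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=a HTTP/1.1" 200 900
192.0.2.200 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=b HTTP/1.1" 200 900
192.0.2.200 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=c HTTP/1.1" 200 900
192.0.2.200 - - [10/Oct/2023:13:55:42 +0000] "GET /search?q=d HTTP/1.1" 200 900
this line is not an access-log record
"""


def count_requests(lines):
    """Requests per client IP; unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(counts, threshold):
    """IPs at or above the threshold (a real run would count only a recent window)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def ipset_commands(ips, setname="ddos_block"):
    """One set, one DROP rule referencing it, then one 'ipset add' per offender.
    -exist makes create/add idempotent; -C checks the rule before inserting it."""
    cmds = [
        f"ipset create {setname} hash:ip -exist",
        f"iptables -C INPUT -m set --match-set {setname} src -j DROP 2>/dev/null"
        f" || iptables -I INPUT -m set --match-set {setname} src -j DROP",
    ]
    cmds += [f"ipset add {setname} {ip} -exist" for ip in ips]
    return cmds


if __name__ == "__main__":
    bad = offenders(count_requests(SAMPLE_LOG.splitlines()), threshold=4)
    print("\n".join(ipset_commands(bad)))
```

The script only prints the commands; piping its output to sh (or running it from cron) applies them, and `ipset list ddos_block` shows what is currently blocked.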