Blocking all APNIC addresses vs. per-country list

Hello All,

This is my first time posting; I am rather new to iptables, so please excuse the ignorance in my question.

My personal CentOS-based webhost is under constant SSH attack from an interminable list of different IP addresses (just to give you an idea, my lastb data file grows by ~100MB every week!!).
I've noticed that they all seem to come from East Asia (mainly China, Taiwan, Malaysia, and both Koreas).

I found this website, which provides a list of IP addresses on a per-country basis:
http://ipinfodb.com/ip_country_block_iptables.php

It seems quite reliable, but the list, for just the countries above, is about 3700 lines long.
On the other hand, I found a list of just 40 lines for *all* of the APNIC countries (http://bgp.potaroo.net/ipv4-stats/allocated-apnic.html).

I'd rather use a per-country list so as not to block non-offending countries like Japan and Australia. Indeed, my Mom, Dad, and I use this webhost for our small businesses, and although we've never had interlocutors from APNIC countries, I'd rather not block Australia outright, just in case someone has their webhost there and tries to send us email...

My question, therefore, is this:
Is it wise to use a 4000-line-long block list for iptables? Or will doing so bring my server to a crawl (which it already is because of these darn brute-force SSH attacks) because for each TCP packet it has to spend 5 minutes going through the entire list?
Should I just forget about Australia and Japan, and block all APNIC countries with just a 40-line list instead?


Again, I apologize for the long, and probably lame, question, but I would *greatly* appreciate any help you might provide.

Thank you in advance!
Be Well,
Peter
--

"My candle burns at both ends;
It will not last the night;
But ah, my foes, and oh, my friends
It gives a lovely light!"
 — Edna St. Vincent Millay

-- 

Peter Zieseniss
Principal
http://www.zconsulting.net
peter@xxxxxxxxxxxxxxx
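Added example, not code from the original post or from either list site: a POSIX sh script that turns a downloaded per-country list into an ipset of type hash:net plus a single iptables rule that consults it for the SSH port only, so the kernel does a hash lookup instead of walking a 4000-rule chain per packet and mail from Australia is unaffected. The list contents, the set name `blocklist_v4` and the SSH port are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Constructed sample of a downloaded per-country list (NOT a real export):
# one CIDR per line, with a comment line and a malformed entry on purpose.
SAMPLE_LIST='# constructed sample in the style of a per-country export
1.0.1.0/24
1.0.2.0/23
14.0.0.0/21
not-a-prefix
27.8.0.0/13'

# is_cidr PREFIX: succeed only for a.b.c.d/n with octets <= 255 and n <= 32.
is_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_rules SETNAME: read the list on stdin, emit one "ipset add" per valid
# prefix (malformed lines are reported on stderr and skipped), then ONE
# iptables rule that matches the set for inbound SSH only.
gen_rules() {
    set_name=$1
    echo "ipset create $set_name hash:net -exist"
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        if is_cidr "$line"; then
            echo "ipset add $set_name $line -exist"
        else
            echo "# skipped malformed entry: $line" >&2
        fi
    done
    echo "iptables -I INPUT -p tcp --dport 22 -m set --match-set $set_name src -j DROP"
}

# Print the commands for review; pipe into "sh" as root to apply them.
printf '%s\n' "$SAMPLE_LIST" | gen_rules blocklist_v4
```

Replace the constructed sample with the real file (`gen_rules blocklist_v4 < country_list.txt`); the set size no longer changes the per-packet cost, and iptables only ever sees one rule.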
