Peter Zieseniss wrote:

> My question, therefore, is this:
> Is it wise to use a 4000-line long block-list for iptables? Or will doing
> so bring my server to a crawl (which it already is because of these darn
> brute-force ssh attacks) because for each TCP packet it has to spend 5
> minutes going through the entire list?
> Should I just forget about Australia and Japan, and block all APNIC
> countries with just a 40-line list instead?

Why not use denyhosts? http://denyhosts.sourceforge.net/

Works with tcp wrapper; auto-updates /etc/hosts.deny; sends and accepts new bad hosts back to the mothership.

-- 
Tim Evans, TKEvans.com, Inc.      | 5 Chestnut Court
UNIX System Admin Consulting      | Owings Mills, MD 21117
http://www.tkevans.com/           | 443-394-3864
http://www.come-here.com/News/    | tkevans@xxxxxxxxxxx

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
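To make the denyhosts suggestion concrete, here is an added example (written for this page, not code from denyhosts or from either poster) of the core loop such a tool performs: scan sshd's syslog lines for failed password attempts, count them per source address, and turn the addresses that cross a threshold into tcp-wrapper entries of the form `sshd: ADDRESS` for /etc/hosts.deny. The log lines, hostnames and addresses below are constructed (documentation ranges, not real attackers), and the threshold of 5 failures and the allowlist are assumptions chosen for the demonstration; the merge step skips entries already present so the script can be rerun from cron without duplicating lines.

```python
import re
from collections import Counter

# Constructed sample lines in the style of OpenSSH's syslog output.
# Hostnames, users and addresses are made up for this example.
SAMPLE_AUTH_LOG = """\
Mar  3 10:14:01 host sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51211 ssh2
Mar  3 10:14:03 host sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51212 ssh2
Mar  3 10:14:05 host sshd[2313]: Failed password for root from 203.0.113.7 port 51213 ssh2
Mar  3 10:14:06 host sshd[2315]: Failed password for invalid user test from 203.0.113.7 port 51214 ssh2
Mar  3 10:14:09 host sshd[2317]: Failed password for invalid user oracle from 203.0.113.7 port 51215 ssh2
Mar  3 10:15:30 host sshd[2320]: Failed password for alice from 198.51.100.22 port 40010 ssh2
Mar  3 10:15:40 host sshd[2322]: Accepted publickey for alice from 198.51.100.22 port 40011 ssh2
Mar  3 10:16:02 host sshd[2325]: Invalid user guest from 192.0.2.9
Mar  3 10:16:03 host sshd[2325]: Failed password for invalid user guest from 192.0.2.9 port 33001 ssh2
"""

# Matches only "Failed password" records; "Invalid user" and "Accepted" lines
# are deliberately ignored so successful logins never count against a host.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return a Counter of failed-password attempts keyed by source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def offenders(counts, threshold=5, allowlist=()):
    """Addresses with at least `threshold` failures, minus any allowlisted ones.

    The allowlist is the safety valve: put your own management addresses here
    so a typo in your own password cannot lock you out of the box.
    """
    allowed = set(allowlist)
    return {ip for ip, n in counts.items() if n >= threshold and ip not in allowed}


def _ip_key(ip):
    # Sort numerically by octet rather than lexically, so output is stable.
    return tuple(int(part) for part in ip.split("."))


def hosts_deny_lines(ips, daemon="sshd"):
    """Render addresses in tcp-wrapper syntax: 'daemon: address'."""
    return [f"{daemon}: {ip}" for ip in sorted(ips, key=_ip_key)]


def merge_hosts_deny(existing_text, new_lines):
    """Append entries to hosts.deny content, skipping lines already present.

    Keeps the file idempotent across repeated runs; existing order is preserved.
    """
    present = {ln.strip() for ln in existing_text.splitlines()}
    out = existing_text
    if out and not out.endswith("\n"):
        out += "\n"
    for ln in new_lines:
        if ln not in present:
            out += ln + "\n"
            present.add(ln)
    return out


if __name__ == "__main__":
    # Assumed management address; in real use read it from a config file.
    my_admin_hosts = {"198.51.100.22"}
    failures = count_failures(SAMPLE_AUTH_LOG)
    bad = offenders(failures, threshold=5, allowlist=my_admin_hosts)
    existing = "sshd: 192.0.2.200\n"  # constructed current hosts.deny content
    print(merge_hosts_deny(existing, hosts_deny_lines(bad)), end="")
```

Run it against a real file by replacing `SAMPLE_AUTH_LOG` with the contents of /var/log/auth.log (or wherever sshd logs on your distribution) and writing the result of `merge_hosts_deny` back to /etc/hosts.deny. Two caveats a practitioner should keep in mind: hosts.deny only protects daemons that consult tcp wrappers (sshd linked against libwrap, or services run through tcpd), and a threshold counted over an unbounded window will eventually block a legitimate user who mistypes a password a few times a week, so a production tool should also expire entries after some period.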