On Monday 2010-04-26 16:46, Покотиленко Костик wrote: >В Пнд, 26/04/2010 в 16:09 +0200, Peter Zieseniss пишет: >> Hello All, >> >> This is my first time posting; i am rather new to iptables, so please excuse the ignorance in my question. >> >> My personal CentOS-based webhost is under constant ssh attack from an interminable list of different IP addresses (just to give you an idea, my latsb data file grows by ~100MB every week!!). >> i've noticed that they all seem to come from East-Asia (mainly China, Taiwan, Malaysia, Korea--both). >> >> i found this website which provides a list of IP addresses on a per-country basis: >> http://ipinfodb.com/ip_country_block_iptables.php\ Easier to use xt_geoip from xtables-addons. It's also just one rule; though not a hashmap, it's a bisecting search, which is reasonably fast (13 compare-steps for the IP-heaviest country like USA). -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
