A quick side-question related to the firewalls.
Does iptables allow filtering out a list of selected IP addresses as well?
Yes, of course. My iptables is a little rusty, but it would look something like:
# /sbin/iptables -A INPUT -s aa.bb.cc.dd -j DROP
In Shorewall, my tool of choice, there is a blacklisting feature where the command "shorewall drop aa.bb.cc.dd" will drop the person. "shorewall allow aa.bb.cc.dd" will reverse the effect. I use this together with Portsentry and a small script to do dynamic blacklisting. Poke a packet at a port labeled "hostile" on my firewall, just one packet... and BAM! you're history. No more packets from you for the next three days. <grin> Absolutely love it.
I wrote a quick and simple HOWTO on how to do this, if you're interested. This could easily be modified for those who don't use Shorewall, since most of the work is actually done by Portsentry. It can be found in the Contrib section of the Shorewall FTP site, or if you can't find it then ask me here and I'll post a copy for you.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
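Added example (not part of the original message, and not the HOWTO script it mentions): a small ledger for the three-day dynamic blacklist described above, which validates the address it is handed and prints the "shorewall drop" / "shorewall allow" commands instead of running them. The ledger path, the allowlist addresses and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ledger for time-limited bans. Prints firewall commands (dry run).
BAN_SECONDS=$((3 * 24 * 3600))                # "three days", as in the post
LEDGER=${LEDGER:-./blacklist.ledger}          # assumed path; one "<epoch> <ip>" per line
ALLOWLIST=${ALLOWLIST:-"127.0.0.1 192.0.2.1"} # constructed: hosts that are never banned

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;     # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        if [ ${#octet} -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
}

# ban <ip> <now-epoch>: record the ban and print the command that enforces it.
ban() {
    ip=$1; now=$2
    if ! valid_ipv4 "$ip"; then echo "rejected: not an IPv4 address" >&2; return 1; fi
    for ok in $ALLOWLIST; do
        if [ "$ip" = "$ok" ]; then echo "rejected: allowlisted" >&2; return 1; fi
    done
    # Already in the ledger: keep the original expiry and emit nothing.
    if awk -v ip="$ip" '$2 == ip { f = 1 } END { exit !f }' "$LEDGER" 2>/dev/null; then
        return 0
    fi
    echo "$now $ip" >> "$LEDGER"
    echo "shorewall drop $ip"
}

# expire <now-epoch>: print the un-ban command for each lapsed entry and prune it.
expire() {
    now=$1
    [ -f "$LEDGER" ] || return 0
    awk -v now="$now" -v ttl="$BAN_SECONDS" \
        '(now - $1) >= ttl { print "shorewall allow " $2 }' "$LEDGER"
    awk -v now="$now" -v ttl="$BAN_SECONDS" '(now - $1) < ttl' "$LEDGER" > "$LEDGER.tmp"
    mv "$LEDGER.tmp" "$LEDGER"
}

# Dispatcher so the file can be called from cron or a trigger script.
case ${1:-} in
    ban)    ban "$2" "$(date +%s)" ;;
    expire) expire "$(date +%s)" ;;
esac
```

Because the source address of a single packet can be forged, the allowlist keeps a one-packet trigger from locking out your own gateway or admin hosts.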