[ubuntu-hardened] [Secure] Automate IP address banning using ipset and iptables.

daniel curtis sidetripping at gmail.com
Tue Nov 24 18:38:20 UTC 2015


Hello, Mr Seth

I think that I would block individual addresses (according to the
system log files, such as /var/log/kern.log etc.). So, I will have
to use the "hash:ip" set. In addition, if it is about port scanning,
I will want to use a timeout option, for example 3600, so port
scanning probes will be banned for an hour.

There is also one more thing: should I use "DROP" or "REJECT"? As
we know, the "DROP" target will drop a packet without any
response, while "REJECT" refuses the packet, sending an ICMP-type
response back to the source host etc.

But that's another story, a completely new topic.

Thank you both for your answers, best regards.
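
The plan in this message (a "hash:ip" set with a 3600-second timeout, fed from /var/log/kern.log) can be sketched as follows; this is an added example, not code from the thread. The set name, the three-port threshold, the sample log lines and the choice of DROP over REJECT are assumptions, and the ipset/iptables commands are printed rather than executed.

```shell
#!/bin/sh
# Added example. Assumed, not from the post: set name, threshold, sample lines.
SET_NAME=portscan     # hypothetical set name
BAN_SECONDS=3600      # one hour, the timeout proposed in the message
PORT_THRESHOLD=3      # distinct destination ports before a source is banned

# Constructed lines in the style of iptables LOG output in /var/log/kern.log.
sample_log() {
cat <<'EOF'
Nov 24 18:01:02 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Nov 24 18:01:02 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Nov 24 18:01:03 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
Nov 24 18:02:10 host kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
Nov 24 18:02:11 host kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
Nov 24 18:03:00 host kernel: IN=eth0 SRC=garbage DST=192.0.2.10 PROTO=TCP DPT=443
EOF
}

# One-time setup (needs root), printed here rather than executed.
# DROP is an assumption; the message leaves DROP versus REJECT open.
setup_commands() {
    echo "ipset create $SET_NAME hash:ip timeout $BAN_SECONDS -exist"
    echo "iptables -I INPUT -m set --match-set $SET_NAME src -j DROP"
}

# Read log lines on stdin; print one "ipset add" per source address that
# probed at least PORT_THRESHOLD distinct destination ports.
ban_commands() {
    awk -v set="$SET_NAME" -v ttl="$BAN_SECONDS" -v min="$PORT_THRESHOLD" '
    {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Log content is untrusted: accept only dotted-quad sources, numeric ports.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || dpt !~ /^[0-9]+$/) next
        if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
    }
    END {
        for (s in ports)
            if (ports[s] >= min)
                printf "ipset add %s %s timeout %s -exist\n", set, s, ttl
    }' | sort
}

setup_commands
sample_log | ban_commands
```

Entries added with a timeout expire on their own, so no separate unban job is needed; "-exist" keeps repeated runs from failing on addresses already in the set.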