iptables +block country
Peter von Kaehne
refdoc at gmx.net
Mon Aug 16 07:49:04 UTC 2010
On 16/08/10 08:32, Sandy Harris wrote:
> On Mon, Aug 16, 2010 at 12:31 PM, NoOp <glgxg at sbcglobal.net> wrote:
>
>> With apologies to our Chinese list subscribers...
>
> I'm not Chinese, but I am in China. I'm not inclined to accept the
> apology. We have enough trouble with Great Firewall without
> also having to contend with blocking on your end.

Considering that this is a private machine, I think your offence is a
bit misplaced, Sandy.

To the OP:

I think you should work the other way round - not by blacklisting but by
whitelisting.

If your life is predictable (small radius of travel, always the same
machines/networks you use to log on from etc.), you could create a much
smaller list of ip addresses/ranges for the places you are actually with
any likelihood going to be. And most of our lives are predictable in
that fashion, as long as the list is wide enough.

Another matter - have a look at fail2ban. This is a package which is
designed to protect ssh etc from too much probing. 3 attempts and you
are out for a long time. It has cut down drastically the logs of failed
attempts to hack my ssh server.

HTH

Peter
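
Added example, not part of the original message: one way to turn the allowlist idea above into iptables rules for SSH. The script only prints the commands for review and validates every entry first. The address ranges (RFC 5737 documentation addresses), the chain name SSH_ALLOW and port 22 are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that allow SSH only from an allowlist.
# The ranges are constructed RFC 5737 documentation addresses; SSH_ALLOW is a
# hypothetical chain name and port 22 is assumed.
ALLOWLIST="192.0.2.0/24 198.51.100.17 203.0.113.64/26"

# Succeed only for dotted-quad IPv4 with an optional /0-32 prefix, so a typo
# never reaches iptables as a malformed rule.
valid_cidr() {
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for a space-separated allowlist. Nothing is printed unless
# every entry validates, and an empty list is refused (it would block everyone).
emit_ssh_allowlist() {
    count=0
    for entry in $1; do
        valid_cidr "$entry" || { echo "bad entry: $entry" >&2; return 1; }
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "refusing empty allowlist" >&2; return 1; }
    echo "iptables -N SSH_ALLOW"
    for entry in $1; do
        echo "iptables -A SSH_ALLOW -s $entry -j ACCEPT"
    done
    echo "iptables -A SSH_ALLOW -j DROP"    # everything not listed is dropped
    echo "iptables -A INPUT -p tcp --dport 22 -j SSH_ALLOW"
}

emit_ssh_allowlist "$ALLOWLIST"
```

Keep an existing SSH session open while applying the printed rules, so a mistake in the list does not lock you out.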