Is using a blacklist in iptables a good strategy?

David Leangen netfilter at leangen.net
Wed Nov 30 15:51:58 CET 2005


Guys,


> > I'm getting a little fed up with break-in attempts happening every 
> > single day.

> My current way of doing this is using the ipt_recent
> so now I only block the 'strage connections' for some time...
> here's some copy/paste from my current ipt rule set


> http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO-2.html
> 
> it's a geoip patch for iptables, allows you to block entire countries,
> or you can allow connections from only certain countries.


Thanks for the great tips!

Dave





More information about the netfilter mailing list