[TriLUG] Iptables question
Jon Carnes
jonc at nc.rr.com
Sun Mar 17 20:16:31 EST 2002
NBD - I do this all the time.
Setup a script to monitor your logs and if there are 3 bad attempts in the
past minute, activate an iptables or ipchains rule blocking the site. Have
the script activated via cron every minute. (or simply have it scan your
logs continuously)
You might also want to record the bad site and time info into a separate log
and drop your ban after 10 minutes or after the site stops trying to attach
to your site.
Good Luck - Jon Carnes
--- Original Message: Sunday 17 March 2002 09:12 am ---
> Is there a way to setup a rule that says, if I can more than X number of
> failed attempts from an inbound IP, to have the system set up a rule
> that will block that IP?
>
> IE: if 62.45.93.116 makes more that 3 attempts - the system will block
> 62.45.93.0/0 from reaching the system?
>
> Thanks,
> Mark
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
More information about the TriLUG
mailing list