[BlueOnyx:05507] Re: getting hammered by this ip 219.237.15.233
James
james at slor.net
Fri Oct 1 09:18:34 -05 2010
The most reliable way I have found to block all traffic, permanently, from a
specific host is to put iptables rejection rules in
/etc/cron.hourly/log_traffic. In the configfile generation section before
the -A rules, you can add a line such as:
-I INPUT -s <ip address> -j DROP
That cron job regularly updates your firewall rules in
/etc/sysconfig/iptables. You should also be able to mask a subnet in a
similar fashion to the routing example.
James
> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of Steve Howes
> Sent: Wednesday, September 29, 2010 3:22 AM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:05503] Re: getting hammered by this ip 219.237.15.233
>
>
> On 29 Sep 2010, at 03:35, Alan Kline wrote:
>
> > Steve...
> >
> > Thanks for posting this! I also have learned something from this
> > thread.
> >
> > One question: Are these ip routes persistent? That is, will they
> > survive a reboot or installation of a new kernel? If not, is there a
> > way to save them so they can be reinstalled?
>
> They will vanish on a reboot. There are ways of making them static, you
> can create a routes file for specific interfaces, not sure how that
> works for the blackhole idea. You could add them to rc.local if you
> want. It's probably not needed though. If you 'vanish' they don't
> appear to persist that much. There are several packages for BO that
> will automatically block brute force attempts though.
>
> S
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
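
An added example, not part of the original message and not BlueOnyx's own code: a shell sketch of the rule placement described above, which validates each blocklist entry and writes "-I INPUT -s <ip address> -j DROP" lines ahead of the first -A rule of the filter table. The function names, the sample ruleset and the /24 subnet are constructed for illustration; how /etc/cron.hourly/log_traffic actually builds its config is not shown on this page.

```shell
#!/bin/sh
# Added example. valid_source and add_drop_rules are hypothetical helper names.

# Constructed sample in iptables-restore format (not a real BlueOnyx ruleset).
SAMPLE_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# valid_source ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix, so a malformed entry never reaches the ruleset.
valid_source() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# add_drop_rules ADDR...: read a ruleset on stdin and write it to stdout with
# one DROP rule per valid ADDR placed before the first -A rule of *filter
# (or before COMMIT when that table has no -A rules at all).
add_drop_rules() {
    rules=""
    for src in "$@"; do
        if valid_source "$src"; then
            rules="${rules}-I INPUT -s ${src} -j DROP
"
        else
            echo "skipping invalid entry: $src" >&2
        fi
    done
    # The rule text is passed through the environment because it spans lines.
    RULES="$rules" awk '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && !placed && /^(-A |COMMIT)/ {
            printf "%s", ENVIRON["RULES"]; placed = 1
        }
        { print }'
}

# Demo: one host, one constructed subnet, one bad entry that is skipped.
printf '%s\n' "$SAMPLE_RULESET" |
    add_drop_rules 219.237.15.233 219.237.15.0/24 300.1.1.1
```
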