At last week's online meeting I mentioned that I have been using a tool to
block large numbers of undesired network accesses to my servers.
ipset-blacklist is "A Bash shell script which uses ipset and iptables to
ban a large number of IP addresses published in IP blacklists. ipset uses
a hashtable to store/fetch IP addresses and thus the IP lookup is a lot
(!) faster than thousands of sequentially parsed iptables ban rules."
Clear instructions and download at
https://github.com/trick77/ipset-blacklist
I use this to block access from several countries I have no desired
interactions with and from which the vast majority of logged access
attempts originated.
This is trivial to do by just adding the desired country code e.g. .cn
into a shell variable.
There are other blacklists maintained by third parties which can be easily
loaded too.
I currently have 16921 ipset blocking rules loaded, all by just selecting
desired rulesets.
I have been using ipset-blacklist for at least two years on multiple
servers (in datacentres and on my home DSL connection) without issue. 100K
or more attempted accesses on my DSL connection are blocked weekly. I just
rebooted after a kernel update and 320 accesses were blocked just as I
wrote this.
Brett
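As an added illustration of the mechanism the post describes (one hash-based ipset consulted by a single iptables rule, rather than thousands of sequential rules), here is a small POSIX shell script that turns a downloaded blocklist into an `ipset restore` script. It is example code written for this note, not the script from the post and not ipset-blacklist's own code; the set name `blacklist`, the hashtable sizes and the sample blocklist contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post or from ipset-blacklist.
# Builds an `ipset restore` script from a raw blocklist file and shows the
# single iptables rule that matches against the set. Set name and sizes
# below are assumptions chosen for this example.

SET_NAME="blacklist"

# Keep only syntactically valid IPv4 addresses or CIDR prefixes. Downloaded
# lists routinely contain comments, blank lines, duplicates, IPv6 entries
# and the odd typo; feeding those to `ipset restore` aborts the whole load.
filter_ipv4_cidrs() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
    | awk '
        function octets_ok(ip,   a, i) {
            if (split(ip, a, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (a[i] !~ /^[0-9]+$/ || a[i] > 255) return 0
            return 1
        }
        NF == 0 { next }
        {
            n = split($0, p, "/")
            if (n > 2) next
            if (!octets_ok(p[1])) next
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] > 32)) next
            print $0
        }' \
    | sort -u
}

# Emit an `ipset restore` script: fill a temporary set, then swap it with
# the live set atomically so traffic is never evaluated against a
# half-loaded list while a refresh is running.
build_restore_script() {
    list="$1"
    printf 'create %s hash:net family inet hashsize 65536 maxelem 262144 -exist\n' "$SET_NAME"
    printf 'create %s-tmp hash:net family inet hashsize 65536 maxelem 262144 -exist\n' "$SET_NAME"
    printf 'flush %s-tmp\n' "$SET_NAME"
    filter_ipv4_cidrs "$list" | while read -r cidr; do
        printf 'add %s-tmp %s\n' "$SET_NAME" "$cidr"
    done
    printf 'swap %s-tmp %s\n' "$SET_NAME" "$SET_NAME"
    printf 'destroy %s-tmp\n' "$SET_NAME"
}

# Number of entries that would be loaded. A sudden drop to near zero is the
# usual sign that a list download failed and returned an error page.
count_entries() {
    filter_ipv4_cidrs "$1" | wc -l | tr -d ' '
}

# Constructed sample blocklist (documentation ranges only) written to "$1".
write_sample_list() {
    cat > "$1" <<'EOF'
# constructed sample blocklist
192.0.2.0/24
198.51.100.7
198.51.100.7        # duplicate, collapsed by sort -u
203.0.113.0/33      # invalid prefix length, dropped
999.1.1.1           # invalid octet, dropped
2001:db8::/32       # IPv6, skipped by this IPv4-only filter
EOF
}

# Stand-alone demo: generate the restore script for the sample list.
sample="$(mktemp)"
write_sample_list "$sample"
echo "# $(count_entries "$sample") entries would be loaded"
build_restore_script "$sample"
rm -f "$sample"
# Applying it is one `ipset restore < script`, and one rule does the lookup:
echo "# iptables -I INPUT -m set --match-set $SET_NAME src -j DROP"
```

The lookup cost is what makes the approach scale: the `--match-set` rule is a single hashtable probe regardless of whether the set holds two entries or the 16921 the post mentions. The temporary-set-plus-swap pattern is worth keeping even for small lists, because a refresh that fails partway through otherwise leaves the host unprotected until the next run.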