On 06.01.14 1707 (+0400), dimas wrote:
> add something like this to plain old iptables:
> -A INPUT -s 1.2.3.4 -i eth0 -p tcp -m tcp --dport 1111 -j REJECT
> --reject-with icmp-port-unreachable
> the port is the one it is actually listening on. you can leave it out, and then
> it will bounce all connections.
> though if you write a line for every such visitor, a lifetime won't be enough.

Package: ipset
[...]
Description-en: administration tool for kernel IP sets
 IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel which can be
 administered by the ipset(8) utility. Depending on the type, currently an
 IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with
 MAC addresses in a way which ensures lightning speed when matching an entry
 against a set.
 .
 If you want to
 .
 * store multiple IP addresses or port numbers and match against the entire
   collection using a single iptables rule.
 * dynamically update iptables rules against IP addresses or ports without
   performance penalty.
 * express complex IP address and ports based rulesets with a single
   iptables rule and benefit from the speed of IP sets.
 .
 then IP sets may be the proper tool for you.
Homepage: http://ipset.netfilter.org/
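
Added example (not part of the original message): a shell script for the ipset approach the reply points to, turning a list of addresses into an `ipset restore` file plus one iptables rule in place of one -s line per host. The set name blocklist and the sample addresses are constructed; eth0 and port 1111 come from the quoted rule.

```shell
#!/bin/sh
# Added example, not from the original thread.
SET_NAME=blocklist   # assumed set name

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads addresses on stdin (one per line, '#' comments allowed) and prints an
# ipset restore file. Duplicates are merged; invalid lines are reported on
# stderr and skipped, so one bad entry cannot abort the whole load.
build_restore() {
    echo "create $SET_NAME hash:ip family inet"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u | while read -r addr; do
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            echo "add $SET_NAME $addr"
        else
            echo "skipped: $addr" >&2
        fi
    done
}

# The single rule that replaces one "-s ADDRESS" line per host.
rule() {
    echo "-A INPUT -i eth0 -p tcp -m tcp --dport 1111 -m set --match-set $SET_NAME src -j REJECT --reject-with icmp-port-unreachable"
}

# Constructed sample input: one duplicate and two invalid entries.
sample='1.2.3.4
198.51.100.7   # constructed example address
1.2.3.4
999.1.1.1
not-an-address'

# As root the first output would be piped into: ipset -exist restore
printf '%s\n' "$sample" | build_restore
rule
```

Adding or removing an address later is a single `ipset add` or `ipset del` against the set; the iptables ruleset itself does not change.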