On Fri, Jun 28, 2002 at 11:30:00AM -0400, Brian P. Flaherty wrote:
| This works for me:
|
| ipchains -A input -s 12.27.41.66 -j DENY -l

Does this send back a "connection refused" packet? I forget what the target names are for ipchains, but with iptables you want to use "DROP" instead of "REJECT".

Here's a script for iptables that reads a blocklist of IP addresses from a set of files and DROPs all packets from them.

~~~
#!/bin/sh

# Space-separated list of blocklist files, one address per whitespace-separated entry
FLIST="/tmp/nimbda"

for F in $FLIST ; do
    # Skip files that do not exist
    if [ -f "$F" ] ; then
        for IP in $(cat "$F") ; do
            # Silently discard every packet from this source address
            iptables -A INPUT -s "$IP" -j DROP
        done
    fi
done
~~~

(you can easily convert that to ipchains)

I also have a script that will read through apache's error log to add addresses to this list (after notifying all users on their domain with 'net send' :-)). Let me know if you want that too.

-D

--
Misfortune pursues the sinner, but prosperity is the reward for the righteous.
        Proverbs 13:21

http://dman.ddts.net/~dman/
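
Since the blocklist in the message above is filled automatically from log data, here is an added example (not part of the original message) that validates each entry before it becomes a DROP rule, so a stray line such as `0.0.0.0/0` or a hostname never reaches iptables. The helper names `is_ipv4` and `emit_drop_rules`, the never-block list and the sample addresses are assumptions made for illustration; the script prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: validate blocklist entries before they become DROP rules.
# is_ipv4 and emit_drop_rules are hypothetical helper names; the sample
# data at the bottom is constructed.

# Succeeds only for a plain dotted-quad IPv4 address, each octet 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one iptables command per valid, unique address in the given files.
# $1 is a space-separated list of addresses that must never be blocked
# (for example your own admin host); the remaining arguments are files.
emit_drop_rules() {
    keep=" $1 "; shift
    seen=" "
    for f in "$@"; do
        [ -f "$f" ] || continue
        while read -r ip _rest || [ -n "$ip" ]; do
            case "$ip" in ''|'#'*) continue ;; esac      # blank or comment
            if ! is_ipv4 "$ip"; then
                echo "skipped invalid entry: $ip" >&2; continue
            fi
            case "$keep$seen" in *" $ip "*) continue ;; esac  # kept or duplicate
            seen="$seen$ip "
            echo "iptables -A INPUT -s $ip -j DROP"
        done < "$f"
    done
}

# Constructed sample blocklist using documentation-range addresses.
sample=$(mktemp)
printf '%s\n' '# worm hits' '203.0.113.7' '203.0.113.7' '0.0.0.0/0' \
    '198.51.100.300' '192.0.2.1' 'example.invalid' '198.51.100.9' > "$sample"
emit_drop_rules "192.0.2.1" "$sample"
rm -f "$sample"
```

Pipe the output to `sh` as root once the printed rules look right.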