On Saturday 09 November 2019 02:49:16 mett wrote:

> On 9 November 2019 16:30:57 JST, Gene Heskett <ghesk...@shentel.net> wrote:
> >I have a list of ipv4's I want fail2ban to block. But amongst the
> >numerous subdirs for fail2ban, I cannot find one that looks suitable to
> >put this list of addresses in so they are blocked forever. Can
> >someone more familiar with how fail2ban works give me a hand? These
> >are the ipv4 addresses of bingbot, semrush, yandex etc etc that are
> >DDOSing me by repeatedly downloading my whole site and using up 100%
> >of my upload bandwidth.
> >
> >Thanks all.
> >
> >Cheers, Gene Heskett
> >--
> >"There are four boxes to be used in defense of liberty:
> > soap, ballot, jury, and ammo. Please use in that order."
> >-Ed Howdershelt (Author)
> >If we desire respect for the law, we must first make the law
> >respectable.
> > - Louis D. Brandeis
> >Genes Web page <http://geneslinuxbox.net:6309/gene>
>
> Hi,
>
> In this case, better to use iptables directly:
>
> iptables -I INPUT 14 -s IP.ADD.RE.SS -j DROP

root@coyote:action.d$ iptables -I INPUT 14 -s 73.229.203.175 -j DROP

doesn't work, gets:

iptables: Index of insertion too big.

Even as low as 8.
> -where I is for "Insert"
> -14 is the line number of insertion
> -where s is for "source"
> -where j is for "jump to"
> -also, u can check current table with line-number by issuing:
> iptables -L -nv --line-numbers

returns:

root@coyote:action.d$ iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 15M packets, 186G bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 14M packets, 182G bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain f2b-sshd (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

> u can even script it for availability across reboot;

That was automatic the last time I actually used it.

> by the way, depending on debian version, iptables might have been
> replaced by nft.

Stretch, still iptables. And I got it by starting at 2.

> hth!
root@coyote:action.d$ iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 32 packets, 3143 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
2        0     0 DROP       all  --  *      *       73.229.203.175       0.0.0.0/0
3        0     0 DROP       all  --  *      *       77.88.5.200          0.0.0.0/0
4        0     0 DROP       all  --  *      *       66.249.64.226        0.0.0.0/0
5        0     0 DROP       all  --  *      *       40.77.167.82         0.0.0.0/0
6        0     0 DROP       all  --  *      *       111.225.149.199      0.0.0.0/0
7        0     0 DROP       all  --  *      *       40.77.167.142        0.0.0.0/0
8        0     0 DROP       all  --  *      *       220.243.136.25       0.0.0.0/0
9        0     0 DROP       all  --  *      *       46.229.168.146       0.0.0.0/0
10       0     0 DROP       all  --  *      *       141.8.143.160        0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 28 packets, 1939 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain f2b-sshd (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

That's not all of them but it's a good start and I can get lots more IPs from the logs. Thanks a bunch. Now maybe folks interested in running linuxcnc on an rpi4 can get to a preempt-rt kernel or linuxcnc stuffs to run their machinery with.

One last question, does this take ad.dr.ess.es/24 format, as I can block 4 of the semrush bots in one swell foop that way?

Thanks a bunch, we got most of them in 10 new lines.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law
respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
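As an added example, not from Gene's or mett's posts: a POSIX sh script that turns a plain text file of addresses into the iptables commands for a permanent blocklist, putting the DROP rules in their own chain so that the insertion index problem above cannot recur and fail2ban's own chains are left alone. It also answers the /24 question, since `-s` accepts address/prefix notation. The chain name `blocklist` and the file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a blocklist file and prints the
# iptables commands that drop every listed source. Entries may be bare IPv4
# addresses or IPv4/prefix blocks (46.229.168.0/24 covers a whole /24 in one
# rule). Blank lines and '#' comments are ignored; malformed entries are
# reported on stderr and skipped. Rules live in their own chain (assumed name:
# blocklist) reached by one jump at INPUT position 1, so -I never sees a
# position larger than the chain length ("Index of insertion too big").

CHAIN="${CHAIN:-blocklist}"
set -f   # no pathname expansion while we split fields on IFS below

# valid_cidr ADDR -> 0 if ADDR is a.b.c.d or a.b.c.d/N with every field in range
valid_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" != "$1" ] || prefix=32        # no slash: a single host
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules FILE -> print, one per line, the commands that (re)build the chain
gen_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # -C tests whether the jump already exists, so re-running stays idempotent
    echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -I INPUT 1 -j $CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                  # drop comments
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')  # and whitespace
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then
            echo "iptables -A $CHAIN -s $entry -j DROP"
        else
            echo "skipping malformed entry: $line" >&2
        fi
    done < "$1"
}

# Stand-alone use, as root:  sh blockgen.sh blocklist.txt | sh
if [ $# -gt 0 ]; then gen_rules "$1"; fi
```

Review the printed commands before piping them into `sh`; running the script again after editing the file flushes and rebuilds the chain, which is also a convenient way to reapply the list from a boot-time script.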