On Tue, Sep 06, 2016 at 01:57:54PM -0700, Grant wrote:
> > Hi, my site is being ravaged by an IP but dropping the IP via
> > shorewall is seeming to have no effect.  I'm using his IP from nginx
> > logs.

What you really need is to set up net-analyzer/fail2ban and not do this
kind of stuff manually. It automates parsing logs for attacks and setting
up persistent iptables rules to block them.

As soon as I assigned a DNS domain name to my home ssh-server and made it
available externally I was getting attacked by multiple IP addresses from
China, and as soon as one IP was banned they came at me with another one.
After I set up fail2ban and set a low preauth limit along with lifetime
bans, this whole cat-and-mouse game started going more to my liking.

Highly recommend you try it, it comes with lots of predefined
rules/templates that you can choose from (I see nginx-botsearch and
nginx-http-auth are included).
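
A fail2ban configuration along the lines the message describes, as an added example that is not the poster's own: the file path, the numeric values, the `ignoreip` address and the nginx log path are assumptions, and `maxretry` is used here as one reading of the "low preauth limit".

```ini
# /etc/fail2ban/jail.local -- local overrides; jail.conf itself stays untouched.
# Added example: every value below is an assumption, not the poster's settings.

[DEFAULT]
# Window, in seconds, over which failures from one address are counted.
findtime = 600
# Failures allowed inside findtime before the address is banned (kept low).
maxretry = 3
# A negative bantime makes the ban permanent ("lifetime ban").
bantime = -1
# Addresses that are never banned: loopback plus one admin address.
# 203.0.113.10 is a documentation-range placeholder; replace with your own.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

# SSH brute-force attempts, as in the home ssh-server case.
[sshd]
enabled = true

# Failed HTTP basic-auth logins recorded by nginx.
[nginx-http-auth]
enabled = true
# Assumed log location; adjust to where your nginx writes its error log.
logpath = /var/log/nginx/error.log

# Requests probing for scripts and paths that do not exist on the site.
[nginx-botsearch]
enabled = true
logpath = /var/log/nginx/error.log
```

After reloading fail2ban, `fail2ban-client status sshd` lists the addresses currently banned by that jail. With permanent bans the `ignoreip` line matters: a mistyped password from your own address would otherwise lock you out for good.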

