On Aug 22, 2009, at 7:53 PM, AMP Admin wrote:
Does anyone use iptables or something to defend against attacks?
Like if x amount of requests per x amount of time send away. If so
I would love some examples. Thanks!
Hi,
I use fail2ban with ipf on Solaris 10. When a host produces to many
5xx errors or sends to much spam it is banned in the firewall.
failregex = reject: RCPT from (.*)\[<HOST>\]: 5\d\d
ban time 1h
failregex = Passed SPAM, \[<HOST>\]
ban time 10m
When a host is banned multiple short times it gets banned for 1 day.
It should be easy to get this working with iptables.
--
Martijn
