[TriLUG] Iptables question

Jon Carnes jonc at nc.rr.com
Sun Mar 17 20:16:31 EST 2002


NBD - I do this all the time.

Set up a script to monitor your logs and if there are 3 bad attempts in the 
past minute, activate an iptables or ipchains rule blocking the site. Have 
the script activated via cron every minute (or simply have it scan your 
logs continuously).

You might also want to record the bad site and time info into a separate log 
and drop your ban after 10 minutes or after the site stops trying to attach 
to your site.

Good Luck - Jon Carnes
 --- Original Message: Sunday 17 March 2002 09:12 am ---
> Is there a way to set up a rule that says, if I can more than X number of
> failed attempts from an inbound IP, to have the system set up a rule
> that will block that IP?
>
> IE: if 62.45.93.116 makes more than 3 attempts - the system will block
> 62.45.93.0/0 from reaching the system?
>
> Thanks,
> Mark
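The approach described in the reply above (3 failures within a minute triggers a block, lifted after 10 minutes), sketched as an added example that is not part of the original message. The sshd-style log format, the names `parse`, `Banner` and `scan`, and the sample lines with documentation addresses are assumptions; the iptables commands are built as argument lists and not executed.

```python
import ipaddress, re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed sshd-style line; greedy ".*" binds to the last " from <addr> port", which sshd writes.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"Failed password for .* from (\S+) port \d+")
THRESHOLD, WINDOW, BAN_TIME = 3, timedelta(minutes=1), timedelta(minutes=10)

def parse(line, year):
    m = FAIL_RE.match(line)
    if m is None:
        return None
    try:  # only a literal IPv4 address may ever reach the iptables command
        ip = str(ipaddress.IPv4Address(m.group(2)))
    except ValueError:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), ip

class Banner:
    def __init__(self):
        self.recent = defaultdict(deque)  # ip -> failure times inside the window
        self.banned = {}                  # ip -> time the ban is lifted
    def feed(self, ts, ip):  # one failure in; blocking command out if a new ban starts
        q = self.recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) < THRESHOLD:
            return None
        new = ip not in self.banned
        self.banned[ip] = ts + BAN_TIME   # a host that keeps trying stays banned
        return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] if new else None
    def expire(self, now):  # forget bans that have run out, return the unblock commands
        done = [ip for ip, until in self.banned.items() if until <= now]
        self.banned = {ip: t for ip, t in self.banned.items() if t > now}
        return [["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"] for ip in done]

def scan(lines, year=2002):  # replay log lines in order, collecting commands to run
    b, cmds = Banner(), []
    for ts, ip in filter(None, (parse(line, year) for line in lines)):
        cmds += b.expire(ts) + [c for c in [b.feed(ts, ip)] if c]
    return b, cmds

SAMPLE = [  # constructed log lines, documentation addresses
    "Mar 17 09:10:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4001 ssh2",
    "Mar 17 09:10:20 host sshd[412]: Failed password for root from 192.0.2.10 port 4002 ssh2",
    "Mar 17 09:10:25 host sshd[413]: Failed password for mark from 198.51.100.7 port 5000 ssh2",
    "Mar 17 09:10:40 host sshd[414]: Failed password for admin from 192.0.2.10 port 4003 ssh2"]
```

Run from cron, the tracker's state has to persist between runs, for example in the separate log the reply mentions. Exempt your own management addresses so a few mistyped logins cannot lock you out.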


