Marc Perkel wrote:
> Here's something I run on my linux server to block IP addresses.
>
> #!/bin/sh
> #
> # Firewall Rules - This section provides a front end to pre-filter
> # traffic coming in.
>
> # The idea is that this can filter hackers from known IP address
> # and filter packets before they even atempt to talk to services
>
> # --- Clear the Tables
>
> iptables -v -F INPUT
>
> # --- Filter Hackers
>
> # The file /etc/ipblocked contains a list of IP addresses that are
> blocked # on this system. These are IPs of people who have tried to
> hack us.
>
> if [ -f /etc/ipblocked ]; then
> for i in $( cat /etc/ipblocked ); do
> iptables -v -A INPUT -s $i -j DROP
> done
> fi
>
> ipblocked file looks like this:
>
> 147.32.109.5
> 200.61.75.149
> 217.10.192.19/24
> 193.85.2.87
Neat. I could run a small IPTables rule on the MTA server, instead of
burdening the router with yet another ACL.
Cheers,
--
Juha
