Re: [exim] IPTables Whitelisting

Author: Graeme Fowler
Date:  
To: exim users
Subject: Re: [exim] IPTables Whitelisting
On Tue, 2007-05-01 at 05:53 +0100, Peter Bowyer wrote:
> The only way I could think of doing this was a periodic rebuild of the
> static IPTables rules - which isn't particularly hard, nor particularly
> elegant. Have a look at Tom's 'timeban' script for inspiration - it's
> designed to work the other way round (reject an IP if it's in the
> database, else allow it), but that's easily fixed.


I'm not familiar with "timeban" so I don't know what it does
specifically. I make fairly heavy personal use of the iptables "recent"
and "hashlimit" modules - principally to prevent SSH dictionary attacks,
but they could just as easily be used to prevent people doing the stuff
Marc mentions.

Marc: before you ask about them, please read the iptables man page from
a recent version, and then if you have problems ask on a netfilter list.
This isn't the place.

Graeme