Re: [exim] IPTables Whitelisting

Author: Graeme Fowler
Date:  
To: exim users
Subject: Re: [exim] IPTables Whitelisting
On Tue, 2007-05-01 at 05:53 +0100, Peter Bowyer wrote:
> The only way I could think of doing this was a periodic rebuild of the
> static IPTables rules - which isn't particularly hard, nor particularly
> elegant. Have a look at Tom's 'timeban' script for inspiration - it's
> designed to work the other way round (reject an IP if it's in the
> database, else allow it), but that's easily fixed.


I'm not familiar with "timeban" so I don't know what it does
specifically. I make fairly heavy personal use of the iptables "recent"
and "hashlimit" modules - principally to prevent SSH dictionary attacks,
but they could just as easily be used to prevent people doing the stuff
Marc mentions.

Marc: before you ask about them, please read the iptables man page from
a recent version, and then if you have problems ask on a netfilter list.
This isn't the place.

Graeme