Re: blacklists
On Thu, Dec 09, 2004 at 11:27:27AM +1100, Russell Coker wrote:
> On Thursday 09 December 2004 01:12, Craig Sanders <cas@taz.net.au> wrote:
> > the log file noise issue is important to me - i've recently started
> > monitoring mail.log and adding iptables rules to block smtp connections
i also wrote another trivial script which fetches a named blackholes.us text
file and creates iptables rules to match. not sure if this is a worthwhile
experiment - if for no other reason than the fact that iptables doesn't seem to
cope well with thousands of rules in a chain (could probably work around that
with a chain per country...but i'm probably not going to bother since i'm
pretty sure that this is NOT a good thing to do).
i'm currently running with korea.blackholes.us completely filtered out as a
test. (korea is where most of my spam attempts come from). so far it has
blocked over 16000 packets from korea. since all *I* ever get from there is
spam and probes from script-kiddies and viruses, that's a Good Thing<tm>. it
probably wouldn't be a good thing anywhere other than on my home gateway.
craig
--
craig sanders <cas@taz.net.au> (part time cyborg)
Reply to: