* Richard Creighton <ricreig@gmail.com> [07-29-07 15:46]:
I don't think he wants to block off the public, just someone he has detected abusing.
exactly and I am presently using fail2ban to block: [postfix-tcpwrapper] enabled = true filter = postfix action = hostsdeny[file=/etc/hosts.deny] mail[name=Postfix, dest=postmaster@localhost] logpath = /var/log/mail bantime = 300 which places 554 rejection ip into /etc/hosts.deny, but the firewall action denying rogue ssh attempts is cleaner, requires less resources and sees the ip sooner. is this correct: FW_SERVICES_ACCEPT_EXT="0/0,tcp,25,,hitcount=3,blockseconds=120 -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org