On 04/17/2017 07:34 PM, Per Jessen wrote:
Rüdiger Meier wrote:
On 04/17/2017 11:01 AM, Roger Price wrote:
On Mon, 17 Apr 2017, suse@a-domani.nl wrote:
suse@a-domani.nl wrote:
In my firewall I examine all unexpected traffic; therefore I ended up adding lines for all existing countries, like:
Hi Hans,
Wouldn't it be simpler to specify the countries you are willing to accept and block all other traffic without specifying the country?
BTW I've simply configured all our internally used services (like ssh, internal mail, dns, ntp etc.) to listen on ipv6 only. This seems to avoid a lot more noise in the logs than these complicated and unsafe solutions like xtables-geoip or Fail2ban.
Why would you have any such noise on internal-only services?
I mean "internal" in terms of "only used by our staff". Still usable from everywhere. For example, our public company web server is listening on port 80/443 via ipv4 and ipv6. Any other communication to that server (maintenance, monitoring), e.g. ssh, nrpe, is done via ipv6 only.

I have never seen any botnet login attempt via IPv6 so far. When I enable ssh via ipv4 I see thousands of login attempts per day.

cu,
Rudi
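
The layout described in the last message (web on IPv4 and IPv6, ssh and nrpe on IPv6 only) can be checked on the host by auditing its listening sockets. The following is an added example, not part of the thread: the port policy, the function names and the sample `ss -H -tln` output are constructed, and treating a `*` local address as a dual-stack socket is an assumption about how `ss` prints it.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 64 192.0.2.10:5666 0.0.0.0:*
LISTEN 0 64 [::]:5666 [::]:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
"""

# Assumed policy: staff-only services that must not answer on IPv4.
V6_ONLY_PORTS = {22: "ssh", 5666: "nrpe"}


def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    return host.strip("[]").split("%")[0], int(port)


def reachable_over_ipv4(host):
    """True if a listener on this local address accepts IPv4 clients."""
    if host == "*":
        # Assumption: ss shows a dual-stack wildcard socket as '*'.
        return True
    addr = ipaddress.ip_address(host)
    return addr.version == 4 and not addr.is_loopback


def ipv4_exposed(ss_output, policy=V6_ONLY_PORTS):
    """Return (service, port, local address) for policy violations."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if port in policy and reachable_over_ipv4(host):
            findings.append((policy[port], port, host))
    return sorted(findings)


if __name__ == "__main__":
    for service, port, host in ipv4_exposed(SAMPLE_SS):
        print(f"{service} (port {port}) is listening on IPv4 address {host}")
```

On a live host, pass the function the output of `ss -H -tln` instead of the sample.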