On 04/17/2017 11:01 AM, Roger Price wrote:
On Mon, 17 Apr 2017, suse@a-domani.nl wrote:
suse@a-domani.nl wrote:
In my firewall I examine all unexpected traffic, there for I end added lines for all existing countries, like:
Hi Hans,
Wouldn't it be simpler to specify the countries you are willing to accept and block all other traffic without specifying the country.
BTW I've simply configured all our internal used services (like ssh, internal mail, dns, ntp etc.) to listen on ipv6 only. This seem to avoid a lot more noise in the logs than these complicated and unsafe solutions like xtables-geoip or Fail2ban. I have only one single machine left as an ipv4 ssh gateway for the rare case that will sit on an ipv4-only network. cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org