gary wrote:
from the C/L
iptables -A INPUT -s worse.IP.Addresses -d 0/0 --proto all -j DROP
set it, and forget it.
This will only help him so much. Those packets will still keep hitting his firewall and taking up processing time and bandwidth. It will keep the packets from clogging up his internal network, but will do nothing for internal-to-external throughput. If you are getting so many that your external bandwidth is being eaten up, you should contact your ISP and have them track the main offenders to their sources, because this would most likely be a coordinated DOS attack. 10,000 a day won't qualify, since depending on your config you might get that many per second in a *real* DOS attack, but you have to decide what is crippling for your network.
JS
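To put numbers on the "10,000 a day versus that many per second" distinction before contacting an ISP, the dropped traffic can be tallied from the firewall log. This is an added example, not part of either post: it assumes an iptables LOG rule with the hypothetical prefix "DROPPED: " placed just before the DROP rule, and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: kernel log lines as an iptables LOG rule would write them.
# Assumption: a LOG rule with --log-prefix "DROPPED: " sits just before the DROP rule.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22
Mar  3 10:15:01 fw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22
Mar  3 10:15:01 fw kernel: DROPPED: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 LEN=40 TTL=49 PROTO=TCP SPT=5050 DPT=80
Mar  3 10:15:02 fw kernel: DROPPED: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=22
Mar  3 10:15:02 fw sshd[812]: Server listening on 0.0.0.0 port 22.
Mar  3 10:15:03 fw kernel: DROPPED: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 LEN=40 TTL=49 PROTO=TCP SPT=5051 DPT=80
"""

STAMP = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})")  # syslog timestamp, 1 s resolution
SRC = re.compile(r"\bSRC=(\S+)")
LEN = re.compile(r"\bLEN=(\d+)")                 # first LEN= is the IP packet length


def summarize(log_text, prefix="DROPPED: "):
    """Tally dropped packets per source and per second from LOG-target lines."""
    per_source, per_second, total_bytes = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # unrelated syslog traffic
        stamp, src, length = STAMP.match(line), SRC.search(line), LEN.search(line)
        if not (stamp and src and length):
            continue  # truncated or malformed line
        per_source[src.group(1)] += 1
        per_second[stamp.group(1)] += 1
        total_bytes += int(length.group(1))
    return {
        "packets": sum(per_source.values()),
        "bytes": total_bytes,
        "peak_per_second": max(per_second.values(), default=0),
        "top_sources": per_source.most_common(5),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['packets']} packets, {report['bytes']} bytes, "
          f"peak {report['peak_per_second']}/s")
    for source, count in report["top_sources"]:
        print(f"{count:8d}  {source}")
```

The peak rate and byte total are the figures to compare against the external link's capacity; the per-source counts identify the main offenders.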