On 08/21/2015 09:12 PM, John Andersen wrote:
> Carlose: I'm sure you realize that both susefirewall and shorewall do nothing but manage iptables rules and install them as the interface is booted.
> Nevertheless, a huge ban list slows EVERY packet, as each must be checked against the ban list. Banning entire subnets is more efficient.
One note to all those kinds of solutions, i.e., something reading the logs and inserting an entry into iptables: on virtual servers, the resources might be rather limited. E.g. on mine at 1und1, I've even seen a situation where the whole virtual server wasn't reachable anymore due to a bigger iptables list - neither via ssh nor via any other port like that of apache. I don't remember exactly, but I think that limit was surprisingly small ... like 128 blocked IPs.

The most effective things are
* to move to a different port,
* to disallow password authentication,
* to enable only 1 certain user (not 'root', obviously).

On top of that, one may run fail2ban or similar solutions, but I think you won't get more than one entry per week.

Have a nice day,
Berny
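As an added example (not code from the thread or from any of its posters), a small POSIX shell audit that checks an sshd_config against the three recommendations above, so the settings can be verified before relying on fail2ban-style ban lists; the function names, file paths and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config for the three
# hardening points above (non-default port, key-only auth, exactly one
# allowed non-root user). Paths and sample configs here are constructed.

# Effective value of KEYWORD in FILE: the first uncommented occurrence wins,
# as in sshd itself; DEFAULT is printed when it is absent. Only the
# "Keyword value" form is parsed and Match blocks are ignored.
sshd_directive() {
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Prints one line per finding; exit status 0 only when all checks pass.
audit_sshd_config() {
    f="$1"; bad=0
    [ "$(sshd_directive "$f" Port 22)" = 22 ] &&
        { echo "Port is 22: move sshd to a different port"; bad=1; }
    [ "$(sshd_directive "$f" PasswordAuthentication yes)" = no ] ||
        { echo "PasswordAuthentication is not 'no': allow keys only"; bad=1; }
    # Treat anything but an explicit 'no' as a finding.
    [ "$(sshd_directive "$f" PermitRootLogin yes)" = no ] ||
        { echo "PermitRootLogin is not 'no'"; bad=1; }
    set -- $(sshd_directive "$f" AllowUsers "")   # word-split on purpose
    [ $# -eq 1 ] && [ "$1" != root ] ||
        { echo "AllowUsers should name exactly one non-root user"; bad=1; }
    return "$bad"
}

# Demo on a constructed, stock-looking config (not any real host's file).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#Port 22
PasswordAuthentication yes
#PermitRootLogin prohibit-password
Subsystem sftp /usr/lib/ssh/sftp-server
EOF
    rc=0
    audit_sshd_config "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

if demo; then echo "sshd_config passes"; else echo "sshd_config needs attention"; fi
```

Run it against a real file with `audit_sshd_config /etc/ssh/sshd_config`; a non-zero exit status means at least one of the three points is not yet in place.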