search for: ipdeny

Hi Specs in subject line: CentOS 6.X all latest patches), iptables 1.47, Apache2.2 I use the Geolite legacy databases together with iptables 1.47 to filter traffic for a variety of ports and only allow .AU traffic to have access. Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB to the latest version which is GeoLite2, this leaves all users in need of the old

On Mon, Jan 14, 2019 at 07:29:45AM +0000, Phil Perry (pperry at elrepo.org) wrote: > On 14/01/2019 07:09, Jobst Schmalenbach wrote: > > Hi > I use ipdeny's aggregated country lists to do the same thing: > > http://www.ipdeny.com/ipblocks/data/aggregated/ > > I just feed this data directly into ipset/iptables via a script running on > my firewall (not a C6 box). ipset is a really efficient way of doing this. Do you create a sep...

On 15/01/2019 01:29, Jobst Schmalenbach wrote: > > On Mon, Jan 14, 2019 at 07:29:45AM +0000, Phil Perry (pperry at elrepo.org) wrote: >> On 14/01/2019 07:09, Jobst Schmalenbach wrote: >>> Hi >> I use ipdeny's aggregated country lists to do the same thing: >> >> http://www.ipdeny.com/ipblocks/data/aggregated/ >> >> I just feed this data directly into ipset/iptables via a script running on >> my firewall (not a C6 box). ipset is a really efficient way of doing this. &gt...

...09, Jobst Schmalenbach wrote: > Hi > > Specs in subject line: CentOS 6.X all latest patches), iptables 1.47, Apache2.2 > > I use the Geolite legacy databases together with iptables 1.47 to filter traffic for a variety of ports and only allow .AU traffic to have access. > I use ipdeny's aggregated country lists to do the same thing: http://www.ipdeny.com/ipblocks/data/aggregated/ I just feed this data directly into ipset/iptables via a script running on my firewall (not a C6 box). ipset is a really efficient way of doing this. > Maxmind (https://dev.maxmind.com/geoip...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steffen Kaiser wrote: > passdb { driver = ipdeny args = <host>/matchpattern/action .... > *** } > With next passdb{} as 1st in chain: passdb { driver = checkpassword args = "/tmp/chktst ip=%r service=%s" result_success = continue result_failure = return-fail } and this script BEGIN /tmp/chktst #!/bin/bash echo &...

...lso wanted to go the "other way": disallow everything but 2 countries (AU,NZ). There are even more conflicting ideas about how to do this, but I figured it out. Also I cannot see a difference in speed between using (maxmind) -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT and (ipdeny) -A filter_countries -m set --set au.geoblock src -j ACCEPT which is really good! Jobst -- The future isn't what it used to be (it never was). | |0| | Jobst Schmalenbach, General Manager | | |0| Barrett & Sales Essentials |0|0|0| +61 3 9533 0000, POBox 277, Caulfield...

...use it. The list is yet pretty short but for me, it has reduced the noise on my PBX from 20-30 attacks per day to about 2 or 3 per week, especially after most of the Palestinian networks ended up on the list. You're free to use the list - own your own responsibility and risk. It's in the ipdeny.com format, so a simple script can be used to CURL the list and create iptables rules from it. A sample script for something like that is also on my website (check the Linux section). That's the website for the list: http://stefan.gofferje.net/it-stuff/sipfraud/sip-attacker-blacklist And that...

On 03/02/2015 02:38 AM, Oliver Welter wrote: > Guys, dovecot is open source - if you desire a feature that the upstream > programmer did not include, pay him a bounty to do so or send him a > patch to be included. Period. We can discuss and mightbe somebody will > fork if he is not willing to accept such a solutuion for any political > reason. > > I am really tired of reading

hello list hello dovecot network hello all the reader here is a sieve script this ######################################## require ["fileinto","regex","comparator-i;ascii-numeric","reject","relational"]; # rule:[spammanage] if header :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["500"] {

...at tcpwrapper is for" :-) http://wiki2.dovecot.org/LoginProcess?highlight=%28tcp+wrapper%29 what had been ruled out by the OP with a conditional *if*. If you for instance add a passdb{} driver, that does not interfere with the remaining code base (much), so one can use: passdb { driver = ipdeny args = <host>/matchpattern/action .... *** } in front of any other passdb{}. *** some sort of notation to configure IP source, matching and reaction. If such plugin(?) is available, I would expect immediate complains, it does not support: + local file lists with various sets of syntaxe...

Yesterday a customer was attacked from the following IP addresses so add them to your blacklist: iptables -A INPUT -s 37.8.119.75 -j DROP iptables -A INPUT -s 37.8.22.240 -j DROP -- Telecomunicaciones Abiertas de M?xico S.A. de C.V. Carlos Ch?vez Prats Director de Tecnolog?a +52-55-91169161 ext 2001 -------------- next part -------------- A non-text attachment was scrubbed... Name: not

...ealm.net After working with "named sets", it would be convenient for nft to learn to automatically import the "elements" for a "named set" from an external file, when that list might be very long, as when, for instance, creating a drop rule for addresses provided from ipdeny.com, rather than always needing to use a subsequent command, as for instance "nft add element inet filter drop4 \{ $( tr '\n' ',' < etc/zones.conf.d/cn-aggregated.zone ) \}", in this example. The format might look something like "set <set_name> { ...; elemen...

Kevin Larsen <kevin.larsen at pioneerballoon.com> schrieb: > Based on SIP packets coming in from IP addresses you don't recognize, > while you may not be hacked, you would seem to have people probing your I think, too, it's someone probing my IP... > system. One thing you can do at the firewall level is restrict inbound sip > communications to only those from your

...ment 734 --> https://bugzilla.netfilter.org/attachment.cgi?id=734&action=edit shell script demonstrating the bug The title basically describes the issue. Steps to reproduce the issue: Take an ip list for any country (in most of my tests I've been using the ip list for GB fetched from ipdeny, which currently has 8589 ipv4 ip blocks), measure time taking to load it into a new set, measure time adding the same ip list again in a new set under a new name (without removing the 1st one), repeat n times. Each new iteration takes a little longer. On the OpenWRT installation in VM, 1st iterati...