[ic] IC not responding
Sandy Thomson
sandy at scotwebshops.com
Thu Nov 17 09:56:08 EST 2005
Peter wrote:
> Try something like (off the top of my head, untested):
>
> iptables -I INPUT -s %s -j DROP; echo 'iptables -D INPUT -s %s -j
> DROP' | at now + 1 hours
That's pretty neat, I have never heard of the at command. Surely if you
were being hammered by multiple IPs, that would leave loads of at
processes hanging around?
On another note I don't think you should let interchange have clear
access to iptables for fairly obvious reasons; you can configure sudo to
allow access to a command with limited arguments (i.e. something like
iptables -I INPUT -s (\d*.\d*.\d*.\d*)/32 -j DROP; to limit access) so
the interchange user can't do things like iptables -I INPUT -s
0.0.0.0/0 -j DROP. An even better solution would be to use something
like grsecurity, which I am planning to tinker with in the near future.
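An added example of the restricted-sudo idea from the paragraph above (it is not Peter's or Sandy's code). sudoers matches command arguments with shell-style globs rather than regexes, so the usual way to constrain the address is a small wrapper that validates it and is the only command the interchange user may run through sudo; the script name, install path and user name below are assumptions.

```shell
#!/bin/sh
# block_ip.sh: a wrapper the interchange user runs through sudo instead of
# raw iptables. It accepts exactly one IPv4 host address, rejects ranges
# and extra arguments, inserts the DROP rule and schedules its removal.
# Hypothetical names and paths; added example, not code from this thread.
#
# Matching sudoers entry (edit with visudo); user and path are assumptions:
#   interchange ALL=(root) NOPASSWD: /usr/local/sbin/block_ip.sh

# Return 0 only for a plain dotted-quad host address (no mask, no junk).
valid_host_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    # 0.0.0.0/32 would not hurt the firewall, but it is never a real client.
    [ "$ip" != "0.0.0.0" ]
}

# The only rule shape this wrapper will ever add or delete.
rule_args() {
    printf 'INPUT -s %s/32 -j DROP' "$1"
}

# Insert the rule and queue its removal; this costs one at job per address.
block_ip() {
    [ $# -eq 1 ] || { echo "usage: $0 <ipv4-address>" >&2; return 2; }
    valid_host_ipv4 "$1" || { echo "refusing address: $1" >&2; return 2; }
    args=$(rule_args "$1")
    iptables -I $args || return 1
    echo "iptables -D $args" | at now + 1 hour
}

# Only act when invoked with an argument, so sourcing the file is harmless.
if [ $# -ge 1 ]; then
    block_ip "$@"
fi
```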
More information about the interchange-users mailing list