I thought I had the idea of how to add an IP to be dropped like iptables
but after some further reading, I am not sure.
I add IPs to iptables that I find are trying to hack into or abuse the
system by using a script to examine log files and compile a list of IPs
and add them to iptables. Of course that requires a restart of iptables
for the new rules to take effect.
I thought I could add the IPs to the DROP zone as sources. That
apparently is not what I should do. That leaves me wondering what I
should do and whether it can be done.
I have over 8000 host IPs that I drop using:
-A INPUT -s 222.221.2.210 -j DROP
-A INPUT -s 222.221.12.13 -j DROP
-A INPUT -s 222.221.12.104 -j DROP
-A INPUT -s 222.221.88.88 -j DROP
How do I drop connections to hosts that have abused the privilege of
connecting to a service?
I was using
# one firewall-cmd call per address (the sort command was wrapped in the mail)
for i in `grep DROP iptables | awk '{print $4}' | sort -n -t. -k1,1 -k2,2 -k3,3 -k4,4`
do
    firewall-cmd --permanent --zone=drop --add-source=${i}/32
done
That is extremely slow, by the way, since two files are written for each
add. It took a long time to add 8000+ records. It would be nice to have a
batch mode to do multiple inserts.
The public zone is still default. The network interface is in zone home
and my VPN connection is in zone work.
Any guidance is greatly appreciated.
John
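The batch mode asked for above does exist in firewalld: put the addresses in an ipset, bind that one set to the drop zone, and load the whole file with a single --add-entries-from-file call. The script below is an added example, not from the original post; the set name "blocklist", the temp-file paths and the sample rules are constructed, and it assumes a firewalld with ipset support.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes firewalld with ipset
# support; the set name "blocklist" and the file paths are constructed.
set -eu

# Pull the source addresses out of saved iptables DROP rules, sorted as
# dotted quads and de-duplicated, so the list can be loaded in one step.
extract_ips() {
    grep -- '-j DROP' "$1" \
      | awk '$1 == "-A" && $3 == "-s" { print $4 }' \
      | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Create (once) a hash:net ipset bound to the drop zone, then load every
# address from the file in one firewall-cmd call instead of one call per IP.
# hash:net accepts both bare addresses and CIDR ranges.
load_blocklist() {
    set_name=$1; entries=$2
    if ! firewall-cmd --permanent --get-ipsets | tr ' ' '\n' | grep -qx "$set_name"; then
        firewall-cmd --permanent --new-ipset="$set_name" --type=hash:net
        firewall-cmd --permanent --zone=drop --add-source="ipset:$set_name"
    fi
    firewall-cmd --permanent --ipset="$set_name" --add-entries-from-file="$entries"
    firewall-cmd --reload        # one reload activates the whole batch
}

# Constructed sample in the rule format quoted in the post (duplicate and a
# non-DROP rule included to show they are filtered out).
RULES=$(mktemp)
cat >"$RULES" <<'EOF'
-A INPUT -s 222.221.12.104 -j DROP
-A INPUT -s 222.221.2.210 -j DROP
-A INPUT -s 222.221.88.88 -j DROP
-A INPUT -s 222.221.12.13 -j DROP
-A INPUT -s 222.221.2.210 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF

ENTRIES=$(mktemp)
extract_ips "$RULES" >"$ENTRIES"

# Only touch the live firewall when explicitly asked: sh thisscript.sh --apply
if [ "${1:-}" = "--apply" ]; then
    load_blocklist blocklist "$ENTRIES"
fi
```

Re-running the script after the log scan produces new addresses is safe: entries already in the set are simply kept, and existing sources in the drop zone are untouched.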