fail2ban(opensource) is a good choice for you best On Wed, Apr 6, 2011 at 1:16 PM, Gordon Henderson <gordon+aster...@drogon.net > wrote:
> On Tue, 5 Apr 2011, Steve Edwards wrote: > > On Tue, 5 Apr 2011, Gilles wrote: >> >> I'm no expert of iptables, and it seems like it can handle banning >>> IP's that are trying to register and fail too many times. >>> >> >> Is there a good iptables configuration that I could use as reference? >>> >> >> Gordon Henderson posted a link to his script that handled failures above a >> threshold and some other cool stuff a few months back. >> >> Try searching the archives. >> > > Have a look at these: > > http://unicorn.drogon.net/firewall > > That's a very basic iptables firewall script. You can not run this as-is, > you will need to chang it. > > This: > > http://unicorn.drogon.net/firewall2 > > is a bit more complicated. It includes some more stateful rules to check > and automatically slow-down bulk connections. It's not perfect, but it could > be used as a starting point for your own thing. A word of warning though - > it's not suitable for light-weight/embedded devices. These rules can result > in significant kernel processing. > > You may also wish to look at this: > > http://blog.elphel.com/2011/03/hardening-the-asterisk-based-phone-system > > It's a blog post by Andrey Filippov based on some of my work and some of > his own. It's all good stuff. > > Gordon > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users