On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
<gordon+aster...@drogon.net> wrote:
> Linux has excellent built-in subsystems to control firewalling and so on
> without resorting to external programs. It's called iptables. If you know
> how to use them, then using an external resource such as fail2ban is
> unnecessary.

That's like saying you don't need FreePBX because you have this thing
called Asterisk.

Though I've never used Fail2Ban, it is an excellent example of
"middleware" that looks at application level events and feeds updates
to iptables.

So the important blocking is happening in kernel mode, not userland.

Your example:

> For example, with iptables rules you can say something like: If a connection 
> from a remote site to a local port happens more than (say) once a second then 
> drop that connection.

doesn't always work well for some applications.  Ever look at WebDAV
traffic?  Code me an iptables rule that figures out someone is doing
bad things via WebDAV :-)
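
Added example (not part of the original post, and not Fail2Ban's own code): a small sketch of the "middleware" idea described above, reading application-level events from a log and turning repeat offenders into iptables rules. The log lines are constructed in the style of Asterisk chan_sip output; the function names, the 3-failures-in-10-minutes threshold and the choice to print the commands rather than run them are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not captured from a real system.
SAMPLE_LOG = """\
[2011-11-27 08:00:00] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-11-27 08:20:00] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-11-27 08:47:01] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2011-11-27 08:47:02] NOTICE[1234] chan_sip.c: Registration from '"999" <sip:999@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[2011-11-27 08:47:03] VERBOSE[1234] chan_sip.c: -- Registered SIP '101' at 192.0.2.20 port 5060
[2011-11-27 08:47:04] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2011-11-27 08:50:00] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
"""

# Application-level event: a failed SIP registration (source may carry a :port suffix).
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return IPs with at least max_retry failures inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful registrations and other noise are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > find_time:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= max_retry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def ban_commands(ips, chain="INPUT"):
    """Build the kernel-level block for each offender; printed here, not executed."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    for cmd in ban_commands(find_offenders(SAMPLE_LOG)):
        print(cmd)
```

The slow source (three failures spread over 50 minutes) stays under the threshold while the burst from the other address is banned, a decision made from log content that a per-connection rate rule never sees.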

asterisk-users mailing list