On 12/2/2011 12:44 PM, Steve Edwards wrote:
> On Fri, 2 Dec 2011, Jim Lucas wrote:
>
>> How is using Fail2Ban less resource intensive than me writing (by
>> hand) iptable rules?
>
> It depends on how you define resources and how much of those resources
> you have.
>
> Gordon (based on my understanding of his posts) does a lot of Asterisk
> systems on very limited hardware hosts. His approach uses iptables
> features to limit the number of SIP INVITES and REGISTERS per second
> per IP address.
>
> Thus, Gordon's approach is more responsive (since it doesn't require
> periodic log file scanning) and requires less hardware resources
> (since it doesn't depend on running relatively 'slothish' resource
> intensive script interpreters like Perl or PHP periodically).
>
> If you have limited admin skills and more hardware resources, F2B
> makes sense.
>
> If you have more admin skills and limited hardware resources, Gordon's
> approach makes more sense.
>
> Personally, I find any approach that tracks log files 'hackish' but if
> you centralize your logging (which I always do) it does allow you to
> detect patterns of abuse across multiple hosts.

Now this, I would say was very well put.
As always, just my opinion.
JohnM
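
The per-source-IP limit on SIP INVITEs and REGISTERs described in the quoted reply, as an added example that is not from this thread and is not Gordon's actual ruleset. It assumes SIP over UDP port 5060, the iptables `string` and `hashlimit` matches, and a hypothetical chain name `SIP_LIMIT`; the function name and the rate values are also illustrative.

```shell
#!/bin/sh
# Emit an iptables-restore fragment that drops SIP REGISTER/INVITE requests
# from any single source IP once it exceeds RATE requests per second
# (with an initial allowance of BURST). The function only prints rules.
# Assumptions: SIP on UDP/5060; chain name SIP_LIMIT is hypothetical.
sip_ratelimit_rules() {
    rate=$1
    burst=$2
    # Accept only positive integers so nothing unexpected reaches the ruleset.
    for n in "$rate" "$burst"; do
        case $n in
            ''|*[!0-9]*)
                echo "usage: sip_ratelimit_rules RATE_PER_SEC BURST" >&2
                return 1
                ;;
        esac
    done
    if [ "$rate" -lt 1 ] || [ "$burst" -lt 1 ]; then
        echo "rate and burst must be at least 1" >&2
        return 1
    fi
    # The string match inspects the start of the packet (IP and UDP headers
    # take the first 28 bytes), where the SIP request line carries the method.
    # hashlimit keeps one counter per source address (srcip mode) in the
    # kernel, so no log file is read; idle entries expire after 60 seconds.
    cat <<EOF
*filter
:SIP_LIMIT - [0:0]
-A INPUT -p udp --dport 5060 -m string --algo bm --string "REGISTER sip:" --to 65 -j SIP_LIMIT
-A INPUT -p udp --dport 5060 -m string --algo bm --string "INVITE sip:" --to 65 -j SIP_LIMIT
-A SIP_LIMIT -m hashlimit --hashlimit-name sip_req --hashlimit-mode srcip --hashlimit-above ${rate}/second --hashlimit-burst ${burst} --hashlimit-htable-expire 60000 -j DROP
-A SIP_LIMIT -j RETURN
COMMIT
EOF
}

# Typical use, as root, appending to the existing ruleset:
#   sip_ratelimit_rules 5 10 | iptables-restore --noflush
```

Requests under the limit return to the INPUT chain, so the existing rules that accept SIP traffic still decide what happens to them.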