On Tue, 2007-05-01 at 05:53 +0100, Peter Bowyer wrote:
> The only way I could think of doing this was a periodic rebuild of the
> static IPTables rules - which isn't particularly hard, nor particularly
> elegant. Have a look at Tom's 'timeban' script for inspiration - it's
> designed to work the other way round (reject an IP if it's in the
> database, else allow it), but that's easily fixed.

I'm not familiar with "timeban" so I don't know what it does specifically.

I make fairly heavy personal use of the iptables "recent" and "hashlimit" modules - principally to prevent SSH dictionary attacks, but they could just as easily be used to prevent people doing the stuff Marc mentions.

Marc: before you ask about them, please read the iptables man page from a recent version, and then if you have problems ask on a netfilter list. This isn't the place.

Graeme

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
