Hi all, As some of you might know, I'm still a noob, so bear with me :)
I've recently experienced a terrible security breach on my test platform at work, which is an old Fedora 5 setup. Due to the fact that this platform needs to be accessible from Croatia and France, my idea was to block all countries using iptables using this technique: http://www.cyberciti.biz/faq/block-entier-country-using-iptables/ I'm still learning about iptables, but since the above method would introduce thousands of addresses in iptables in my case, I assume it would slow everything down. So my question is: is there a way to explicitly allow hr and fr zones as described in the article above, but drop everything else? Would it be enough to change the ISO codes in the script above to "hr fr" and change this line $IPT -A $SPAMLIST -s $ipblock -j DROP to $IPT -A $SPAMLIST -s $ipblock -j ACCEPT And then add this at the bottom: $IPT -A INPUT -j DROP ...or, there are more changes needed in the script? (I assume I won't be needing the LOG line anylonger) Thanks in advance! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
