While it is possible, not every ISP in France and Croatia will have a .fr or .hr reverse DNS entry. And as a security professional, I would recommend keeping the log line, since you can't assume everyone in France and Croatia is a legitimate user, and logs are your friends.
Another note is that setting up security on a box is not a set-it-and-forget-it tactic. It's constantly changing, and needs human intervention. Turn on extra logging, and review the logs on a regular basis. Your best bet would be to install an IPS. This would look for brute force attacks and other attack vectors and block the offending IP. Snort can be used as an IPS, but it has a learning curve. BFD can be used, but only detects brute force attacks, not SQL injections or other malicious attempts.

Jeremiah E. Bess
Network Ninja, Penguin Geek, Father of four

On Fri, Jun 12, 2009 at 09:08, dr. Hannibal Lecter <[email protected]> wrote:

> Hi all,
>
> As some of you might know, I'm still a noob, so bear with me :)
>
> I've recently experienced a terrible security breach on my test
> platform at work, which is an old Fedora 5 setup.
>
> Due to the fact that this platform needs to be accessible from Croatia
> and France, my idea was to block all countries using iptables using
> this technique:
>
> http://www.cyberciti.biz/faq/block-entier-country-using-iptables/
>
> I'm still learning about iptables, but since the above method would
> introduce thousands of addresses in iptables in my case, I assume it
> would slow everything down.
>
> So my question is: is there a way to explicitly allow hr and fr zones
> as described in the article above, but drop everything else?
>
> Would it be enough to change the ISO codes in the script above to "hr
> fr" and change this line
>
> $IPT -A $SPAMLIST -s $ipblock -j DROP
>
> to
>
> $IPT -A $SPAMLIST -s $ipblock -j ACCEPT
>
> And then add this at the bottom:
>
> $IPT -A INPUT -j DROP
>
> ...or are there more changes needed in the script? (I assume I won't
> be needing the LOG line any longer)
>
> Thanks in advance!

You received this message because you are subscribed to the Linux Users Group.
For more options, visit our group at http://groups.google.com/group/linuxusersgroup
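The allowlist the original poster asks about, written out as an added example (not code from this thread or from the linked cyberciti script): a dedicated chain that accepts the hr and fr zone blocks, then logs with a rate limit and drops the rest, with loopback and already-established connections admitted first so applying it cannot lock the admin out. It assumes ipdeny-style zone files named hr.zone and fr.zone (one CIDR per line) in $ZONEDIR, and only prints the iptables commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example: country allowlist for INPUT instead of a per-block DROP list.
# Dry run by default: set IPT=iptables to apply the rules for real.
IPT="${IPT:-echo iptables}"
ZONEDIR="${ZONEDIR:-/root/iptables/zones}"   # assumed location of *.zone files
ALLOWLIST="countrylist"                       # name of the dedicated chain

# build_rules ZONEDIR: emit (or apply) the full rule set for the hr and fr zones.
build_rules() {
    zonedir="$1"
    $IPT -N $ALLOWLIST 2>/dev/null || true    # chain may already exist
    $IPT -F $ALLOWLIST
    # Never lock yourself out: established sessions and loopback are accepted
    # before the country filter; the second -I lands in front of the first.
    $IPT -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -I INPUT -i lo -j ACCEPT
    for cc in hr fr; do
        zone="$zonedir/$cc.zone"
        [ -r "$zone" ] || { echo "missing zone file $zone" >&2; return 1; }
        while read -r ipblock; do
            # skip blank lines and comments in the zone file
            case "$ipblock" in ''|'#'*) continue ;; esac
            $IPT -A $ALLOWLIST -s "$ipblock" -j ACCEPT
        done < "$zone"
    done
    # Everything not matched above: keep the LOG line (rate-limited so a flood
    # cannot fill the disk), then drop.
    $IPT -A $ALLOWLIST -m limit --limit 5/min -j LOG --log-prefix "Non-HR/FR drop: "
    $IPT -A $ALLOWLIST -j DROP
    $IPT -A INPUT -j $ALLOWLIST
}

# Usage: review the output first, then rerun with IPT=iptables to apply it.
[ "${1:-}" = "--run" ] && build_rules "$ZONEDIR"
```

A chain holding thousands of -s rules is scanned linearly per packet, which is the slowdown the poster worries about; where ipset is available, loading the blocks into a hash:net set and matching with a single -m set rule avoids that.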
