You could also try using the route-null/null-route script to drop offending IPs. I find this less "intrusive" and complicated versus dealing with iptables.
On Sat, May 7, 2011 at 12:30 PM, treydock <[email protected]> wrote: > I run CentOS 5.5 on the system with iptables. How does iptables have > to be configured to allow this? > > On May 7, 8:05 am, Frank Stefan Sundberg Solli <[email protected]> > wrote: > > Hi. > > > > Yes you can do ban on the "multiple 400 errors from same source IP" > > > > Take this example > > > > <active-response> > > <command>firewall-drop</command> > > <location>local</location> > > <rules_id>5720, 11210</rules_id> <!-- Multiple SSHD auth failures, > > proftpd --> > > <timeout>600</timeout> > > </active-response> >
