> -----Original Message-----
> From: fooler [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, May 21, 2000 5:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [plug]OT:killing non-active ip address
>
>
> ----- Original Message -----
> From: "Ronneil Camara" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, May 21, 2000 12:02 AM
> Subject: RE: [plug]OT:killing non-active ip address
>
> frequent reloading of any daemon is a bad practice and
> very expensive
> thing to do. regarding to your problem, it is much better to
> do it in layer
> 3 filtering (for example: ipchains) than in application
> layer (which causes
> you to reload the running daemon). doing it on layer 3 is pretty much
> flexible compare to the upper layer. you just simply add and
> remove the
> rules without reloading any running deamon on it. you can
> deny ip packets
Yeah, I will have to recode my php scripts. Pero ok lang, mas maganda nga
ito at mas mabilis.
This is what I will do; By default, internal ip subnets which is based in
rfc1918 will be blocked. Then if someone with valid username and password
logs in, I will have to insert an ALLOW ipchains of his ipaddr before the
REJECT_ALL policy rule.
Thanks fooler for the idea.
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
