Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Kenneth Porter
--On Sunday, April 19, 2020 10:30 AM -0400 Jeffrey Walton wrote: Ugh, thanks. I did not realize the changes were only temporary. What is the recommended way to permanently add a ban rule? service iptables save That runs the initscript that knows how to save the running firewall to

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Kenneth Porter
Insert the rule early in the chain. To determine where, I use this command: iptables -L INPUT -v -n --line-numbers You should put the new rule before rule 1, I think, so it takes effect before even the ESTABLISHED rule from the connection tracker. Use this: iptables -I INPUT 1 -s

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Alexander Dalloz
On 19.04.2020 at 14:58, Jeffrey Walton wrote: The offending host is 59.64.129.175. To err on the side of caution we attempted to block the entire netblock. According to whois data, that's 59.64.128.0-59.64.159.255. iptables -A INPUT -s 59.64.128.0/19 -p TCP -j DROP There was no comment
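The replies above give the three pieces of the fix in separate messages: check that the whois range really is one CIDR block and covers the offender, insert the DROP at position 1 so it sits ahead of the connection tracker's ESTABLISHED rule rather than being appended after it, and persist the result with the iptables initscript. The script below is an added example, not code from the thread or from any of the posters; it pulls those steps together for the addresses named in the thread. It assumes the iptables-services package (so that `service iptables save` exists), and it only prints the iptables commands instead of running them, so it can be run unprivileged and reviewed before the commands are pasted into a root shell. It drops every protocol from the block, which is wider than the TCP-only rule in the original post.

```shell
#!/bin/sh
# Added example (not code from the thread): sanity-check a whois range
# before banning it, then print the iptables commands in the order the
# replies recommend (insert at position 1, verify, save).
# Addresses below are the ones from the thread. Nothing here runs
# iptables; it prints the commands for review.
set -eu

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Turn an inclusive whois range (first last) into one CIDR block.
# Fails if the range is not a power-of-two size aligned to that size,
# since a single prefix cannot describe it and rounding up over-blocks.
range_to_cidr() {
    first=$(ip_to_int "$1")
    last=$(ip_to_int "$2")
    size=$(( last - first + 1 ))
    bits=0
    n=$size
    while [ "$n" -gt 1 ] && [ $(( n & 1 )) -eq 0 ]; do
        n=$(( n >> 1 ))
        bits=$(( bits + 1 ))
    done
    if [ "$n" -ne 1 ] || [ $(( first & (size - 1) )) -ne 0 ]; then
        echo "range $1-$2 is not a single CIDR block" >&2
        return 1
    fi
    echo "$1/$(( 32 - bits ))"
}

# Succeed (exit 0) if address $2 lies inside CIDR block $1.
cidr_contains() {
    net=${1%/*}
    plen=${1#*/}
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Print the ban procedure for one block. "-I INPUT 1" places the DROP
# ahead of the ESTABLISHED,RELATED accept, so the attacker's existing
# connections are cut as well; "-A" would append it after that rule.
# The --line-numbers listing confirms the position; the last line
# persists the ruleset via the iptables-services initscript.
ban_commands() {
    cat <<EOF
iptables -I INPUT 1 -s $1 -j DROP
iptables -L INPUT -v -n --line-numbers
service iptables save
EOF
}

# Usage: sh ban-netblock.sh 59.64.129.175 59.64.128.0 59.64.159.255
if [ $# -eq 3 ]; then
    cidr=$(range_to_cidr "$2" "$3")
    if cidr_contains "$cidr" "$1"; then
        echo "# $1 is inside $cidr; run as root:"
        ban_commands "$cidr"
    else
        echo "# $1 is NOT inside $cidr; re-check the whois range" >&2
        exit 1
    fi
fi
```

For the thread's range the script reports 59.64.128.0/19, confirms 59.64.129.175 is inside it, and prints the insert, list and save commands. If whois had returned a range that is not a clean power-of-two block, range_to_cidr refuses rather than silently widening the ban.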

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Jeffrey Walton
On Sun, Apr 19, 2020 at 8:58 AM Jeffrey Walton wrote: > > Hi Everyone, > > We rent a CentOS 7 VM from GoDaddy. We received a warning about > excessive cpu usage, and a threat to cancel our service. We tracked it > down to Apache and someone hammering our web server. > > The offending host is

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Mike
On Sun, Apr 19, 2020 at 9:45 AM Anand Buddhdev wrote: > > Personally though, I find firewalld to be cumbersome, so I remove it > completely, and installed instead "iptables-services". > Ya, I agonized over accepting firewalld. I'm a small-time manager who wears many hats and doesn't have a lot of

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Mark (Netbook)
Sent: Sunday, April 19, 2020 2:44 PM To: CentOS mailing list Subject: Re: [CentOS] Netfilter fails to filter traffic from a netblock? On Sun, Apr 19, 2020 at 9:40 AM Mike <1100...@gmail.com> wrote: Thought it might also be helpful to confirm that firewalld is not interfering in any way.

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Anand Buddhdev
On 19/04/2020 15:30, Jeffrey Walton wrote: > Ugh, thanks. I did not realize the changes were only temporary. > > What is the recommended way to permanently add a ban rule? On CentOS 7, the default firewall is "firewalld", and you can configure it with "firewall-cmd". You can use it to add

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Jeffrey Walton
On Sun, Apr 19, 2020 at 9:40 AM Mike <1100...@gmail.com> wrote: > > Thought it might also be helpful to confirm that firewalld is not > interfering in any way. > > what is the output of ~$# systemctl status firewalld Thanks Mike. # systemctl status firewalld Unit firewalld.service could

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Mike
Thought it might also be helpful to confirm that firewalld is not interfering in any way. what is the output of ~$# systemctl status firewalld On Sun, Apr 19, 2020 at 9:30 AM Jeffrey Walton wrote: > > On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev wrote: > > > > On 19/04/2020 14:58, Jeffrey

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Jeffrey Walton
On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev wrote: > > On 19/04/2020 14:58, Jeffrey Walton wrote: > > Hi Jeffrey, > > > The offending host is 59.64.129.175. To err on the side of caution we > > attempted to block the entire netblock. According to whois data, > > that's

Re: [CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Anand Buddhdev
On 19/04/2020 14:58, Jeffrey Walton wrote: Hi Jeffrey, > The offending host is 59.64.129.175. To err on the side of caution we > attempted to block the entire netblock. According to whois data, > that's 59.64.128.0-59.64.159.255. > > iptables -A INPUT -s 59.64.128.0/19 -p TCP -j DROP > >

[CentOS] Netfilter fails to filter traffic from a netblock?

2020-04-19 Thread Jeffrey Walton
Hi Everyone, We rent a CentOS 7 VM from GoDaddy. We received a warning about excessive cpu usage, and a threat to cancel our service. We tracked it down to Apache and someone hammering our web server. The offending host is 59.64.129.175. To err on the side of caution we attempted to block the