Re: Simplest way to deny access to a class C

2011-03-04 Thread krad
@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs

Re: Simplest way to deny access to a class C

2011-03-04 Thread David Brodbeck
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten ggat...@waddell.com wrote: Be careful of automated responses.  What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them?  Not good. Fortunately this is a relatively low risk with fail2ban, because to

Re: Simplest way to deny access to a class C

2011-03-04 Thread Patrick Gibson
Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider

Re: Simplest way to deny access to a class C

2011-03-04 Thread Outback Dingo
@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans

Re: Simplest way to deny access to a class C

2011-03-04 Thread Robison, Dave
-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www

Re: Simplest way to deny access to a class C

2011-03-04 Thread Jorge Biquez
I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Hello. I guess something simple could work For some reason, don ask me why becasue I did not find why, the: Order Deny, Allow Deny IP Allow all under httpd.conf and outsite as

Re: Simplest way to deny access to a class C

2011-03-04 Thread Gary Gatten
: Simplest way to deny access to a class C I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Hello. I guess something simple could work For some reason, don ask me why becasue I did not find why, the: Order Deny, Allow Deny IP Allow all

Re: Simplest way to deny access to a class C

2011-03-04 Thread Patrick Gibson
To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban

Simplest way to deny access to a class C

2011-03-03 Thread Jorge Biquez
Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I just need to block some IP class C address that are always trying to

Re: Simplest way to deny access to a class C

2011-03-03 Thread Gary Gatten
] Sent: Thursday, March 03, 2011 10:59 AM To: freebsd-questions@freebsd.org freebsd-questions@freebsd.org Subject: Simplest way to deny access to a class C Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3

Re: Simplest way to deny access to a class C

2011-03-03 Thread Nathan Vidican
Since you currently have NO firewall, then I would say the simplest method would be to turn one on, and create an open ruleset allowing all traffic, then add a filter rule to just block out what you do not want. However, having said this is the simplest way - it is not the best or even a really

Re: Simplest way to deny access to a class C

2011-03-03 Thread Michael J. Kearney
Install a wins server to stop netbios requests and a dhcp server or denying the dhcp requests won't stop them. Use natd to forward them. Jorge Biquez jbiq...@intranet.com.mx wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of

Re: Simplest way to deny access to a class C

2011-03-03 Thread Michael J. Kearney
Ps what log are you reading? Lol Michael J. Kearney mkear...@nvita.org wrote: Install a wins server to stop netbios requests and a dhcp server or denying the dhcp requests won't stop them. Use natd to forward them. Jorge Biquez jbiq...@intranet.com.mx wrote: Hello all. I am sorry in

Re: Simplest way to deny access to a class C

2011-03-03 Thread Frank Shute
On Thu, Mar 03, 2011 at 10:59:59AM -0600, Jorge Biquez wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 it is working fine , no problem very stable. I

Re: Simplest way to deny access to a class C

2011-03-03 Thread Patrick Gibson
You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough

RE: Simplest way to deny access to a class C

2011-03-03 Thread Gary Gatten
: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www

RE: Simplest way to deny access to a class C

2011-03-03 Thread Jorge Biquez
... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider