Might it not make more sense to create DROP rules for those IP addresses,
rather than DENY? My understanding of iptables rules is somewhat limited,
but if you use DROP rules, won't that at least slow down the infected
machine, waiting for the connection to your Linux box to time-out?
[snip]
> >
> > I already have a shell script ready to go containing ~2400 lines of:
> >
> > /sbin/ipchains -I input -s 208.3.252.37 -j DENY
> > /sbin/ipchains -I input -s 208.165.50.100 -j DENY
> > /sbin/ipchains -I input -s 208.242.215.200 -j DENY
[snip]
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
