On Wed, 2011-02-02 at 08:24 -0700, Martin Langhoff wrote:
> On Tue, Feb 1, 2011 at 6:28 PM, Anna <ascho...@gmail.com> wrote:
> > My test XS at home has a FQDN and is open to the outside. Therefore this is
> > probably a pretty rare issue in XS land, but I thought I'd ask.
>
> In general, I'd keep it closed. It's not designed as a full internet server.
>
> > Getting them into /etc/sysconfig/olpc-scripts/iptables-xs is easy enough. I
> > pasted the IP data into a file named banned_ips.txt and ran this little
> > script:
> >
> > #!/bin/bash
> > for i in $(< banned_ips.txt); do
> >     iptables -A INPUT -s "$i" -j DROP
> > done
>
> You could do the same from the init script even.
>
> > Here's my question - is the XS networking going to get wonky with 894 extra
> > iptables rules?
>
> Short answer - no.
>
> Slightly longer: no, but if the list grows and starts to cost you in
> network perf, might be worth looking at ipset
> http://www.netfilter.org/projects/ipset/index.html
>
> cheers,

Not easy with Fedora, you need to patch the kernel and iptables to get ipsets.
https://bugzilla.redhat.com/show_bug.cgi?id=196234

Jerry

_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
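
Added example, not part of any message in this thread: where ipset is unavailable, the ban list can still be validated, de-duplicated and loaded as a single iptables-restore batch into its own chain instead of 894 separate iptables calls. The chain name BANNED and the function names are assumptions made for illustration, and the sample addresses are constructed.

```shell
#!/bin/sh
BAN_CHAIN=BANNED  # hypothetical chain name, not part of the XS configuration
# Accept only dotted-quad IPv4 with an optional /0-32 prefix.
valid_ipv4() {
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    addr=${1%%/*}
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Leading zeros are rejected: some parsers read them as octal.
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}
# Read a ban list on stdin; print one rule per valid, not-yet-seen entry.
emit_ban_rules() {
    seen=' '
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | tr -d ' \t\r')
        case $entry in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$entry"; then
            printf 'skipping invalid entry: %s\n' "$entry" >&2
            continue
        fi
        case $seen in *" $entry "*) continue ;; esac
        seen="$seen$entry "
        printf '%s\n' "-A $BAN_CHAIN -s $entry -j DROP"
    done
}

# Wrap the rules in a table block that iptables-restore loads in one commit.
emit_restore() {
    printf '%s\n' '*filter' ":$BAN_CHAIN - [0:0]"
    emit_ban_rules
    printf '%s\n' COMMIT
}

# Constructed sample list (documentation address ranges), not data from the thread.
emit_restore <<'EOF'
192.0.2.10
198.51.100.0/24
192.0.2.10
203.0.113.300
EOF
```

To load a real list, pipe `emit_restore < banned_ips.txt` into `iptables-restore --noflush`; the chain only takes effect once a single jump such as `iptables -I INPUT -j BANNED` exists.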