Re: [ic] IC not responding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ic] IC not responding

Subject: Re: [ic] IC not responding
Date: Thu, 17 Nov 2005 14:56:08 +0000
From: Sandy Thomson <suppressed>

Peter wrote:

Try something like (off the top of my head, untested):
iptables -I INPUT -s %s -j DROP; echo 'iptables -D INPUT -s %s -jDROP' | at now + 1 hours

Thats pretty neat, I have never heard of the at command. Surely if youwere being hammered by multiple IP's, that would leave loads of atprocesses hanging around?

On another note I dont think you should let interchange have clearaccess to iptables for fairly obvious reasons, you can configure sudo toallow access to a command with limited arguments (i.e something likeiptables -I INPUT -s (\d*.\d*.\d*.\d*)/32 -j DROP; to limit access) sothe interchange user can't do things like iptables -I INPUT -s0.0.0.0/0 -j DROP. An even better solution would be to use somethinglike grsecurity, which I am planning to tinker with in the near future.

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users

Follow-Ups:
- Re: [ic] IC not responding
  - From: John1
- Re: [ic] IC not responding
  - From: Jon Jensen

References:
- RE: [ic] IC not responding
  - From: Ron Phipps
- Re: [ic] IC not responding
  - From: John1
- Re: [ic] IC not responding
  - From: Sandy Thomson
- Re: [ic] IC not responding
  - From: John1
- Re: [ic] IC not responding
  - From: Peter

Prev by Date: RE: [ic] mod_interchange and Apache MaxClients
Next by Date: RE: [ic] mod_interchange and Apache MaxClients
Previous by thread: Re: [ic] IC not responding
Next by thread: Re: [ic] IC not responding
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.