Dns-operations mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

If you have pre-existing iptables rules, then you need to use -I instead 
of -A.  This will insert the new rule at the beginning of the chain, 
rather than adding it to the end.  You must keep in mind that iptables 
rules work strictly in order... the first rule to match the packet will 
be used, so if you add a rule to block an attacker, you always want it 
very near the top of the chain -- both for speed as well as to insure 
that the DROP rule is used before any ACCEPT rules are encountered.

On 01/10/2014 09:10 PM, Martin C wrote:
> > Any time I see one or two specific IP's slamming me, I'll just block
> > them outright.
> That's what I was doing at the start, and maintaining a simple script
> of:
> iptables -A INPUT -s IP -j DROP
>
> that worked its way up to 10 IP addresses. Then this morning, 3-4 would
> hit at a time, all different, so I would block them. Then 5 new ones
> appeared and burned through the bytes.
>
> I may go back to specifying them, but for now, your instructions at:
> http://permalink.gmane.org/gmane.network.opennic.general/4733
> with a more limited burst rate seems to be discouraging them, so
> services are back up.
>
> I'm looking out for repeat offenders though, to block specifically.
>
> Martin
>
> ----
> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org