Hi Jeff,

>> Is it from someone like Yandex that fills up your nodes?  That started
>> happening here.. so I use this line to keep them off the bbs nodes:
>> iptables -A OUTPUT -p tcp -m string --string
"block-me.com" --algo kmp -j
>> REJECT
>> That is all one line, and of course you change
"block-me.com" to the name of
>> the site that is nailing your system... works well here.

> Here a domain name doesn't show up, just an IPv4 address.

What does your system show when you type 'host '? For
instance, over here I see this with the host command:

~host 213.180.204.62
62.204.180.213.in-addr.arpa domain name pointer yandex.com.

> I have started to
> add the IP's to block them. I was looking for a way to limit x connection
> attempts from the same IP address within x seconds. And decided to use the
> command line:

> iptables -A INPUT -p tcp --dport 23 -i eth0 -m state --state NEW -m recent
> --update --seconds 10 --hitcount 3 -j DROP

Yes, I use that line as well.  It obviously wasn't enought though yesterday. :(

I use that line above, and also this one (again, all on one line):

iptables -A OUTPUT -p tcp -m string --string "yandex.com" --algo
kmp -j REJECT

Three times yesterday, one of my users tried to upload his replies and was
unable to.. As I said that's when I went digging for a way to restart bbbs.

Take care,
Janis

--- BBBS/Li6 v4.10 Toy-4