Good ${greeting_time}, Stephen!
12 Dec 2017 09:00:00, you wrote to Joaquim Homrighausen:
av>>> If you want to do exactly that, simply use CIDR notation with -s
av>>> parameter.
JH>> Using IPTABLES ... or did you mean with ipset? I can't use ipset in
JH>> this specific case, and listing thousands of nets using IPTABLES is
JH>> usually a bad idea.
SW> Will this work?
SW> https://github.com/tlhackque/BlockCountries
This never works, as there would always be at least one trojaned computer in
your own country...
Limiting the number of connections per minute does that (SSH protection) best.
Especially being combined with key-only authentification (if you choose proper
algorithms, of course).
--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii
... that's why I really dislike fools.
--- /bin/vi
* Origin: http://openwall.com/Owl (2:5020/545)
|