Re: loading huge number of rules in iptables (blocklist)

From: "H.S." <hs.samix@xxxxxxxxx>
Date: Wed, 21 Mar 2007 14:30:06 -0400

Andrew Sackville-West wrote:

I'm sorry, but what exactly is the purpose here? I did a little poking
around and it looks like just a massive list of ip's to block, but for
what purpose?

I'm not trying to say that this is not the right solution for whatever
your problem is, but it certainly seems very brute force. Hence my
questions.

We were discussing some rogue p2p sites which try to connect to
bittorrent clients to collect information about the users. The
discussion was prompted by a number of posts on slashdot, which led to
peerguardian website and kind of took off from there. The purpose is to
block/drop traffic from all the ip ranges listed in blocklist provided
by peerguardian website. I can give more pointers if this is not sufficient.

The result was the experiment to use the massive blocklist and to
automate the process in iptables firewall on a router -- needs iptables,
bash, curl and maybe pythong or perl. I am giving it a shot. As I said
before, this is the first attempt.

->HS

--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: loading huge number of rules in iptables (blocklist)
  - From: Andrew Sackville-West

References:
- loading huge number of rules in iptables (blocklist)
  - From: H.S.
- Re: loading huge number of rules in iptables (blocklist)
  - From: H.S.
- Re: loading huge number of rules in iptables (blocklist)
  - From: Ron Johnson
- Re: loading huge number of rules in iptables (blocklist)
  - From: H.S.
- Re: loading huge number of rules in iptables (blocklist)
  - From: Andrew Sackville-West
- Re: loading huge number of rules in iptables (blocklist)
  - From: H.S.
- Re: loading huge number of rules in iptables (blocklist)
  - From: Andrew Sackville-West

Prev by Date: Re: when you do an apt-get upgrade, does it matter it you do it as 'root'?
Next by Date: Re: ..voice recognition, was: To be M$ free....
Previous by thread: Re: loading huge number of rules in iptables (blocklist)
Next by thread: Re: loading huge number of rules in iptables (blocklist)
Index(es):
- Date
- Thread

Relevant Pages

Re: [OT] revision control: git vs mercurial as replacement for bzr
... best for my particular purpose. ... Almost impossible in a public forum. ... You might want to look at this reference which compares features. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Relay-Only MTA and `-s Parameter
... purpose, I needed to setup a relay-only MTA. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: [OT] Offtopics and community (was: I also am AAAAANGRY)
... Doesn't that entirely defeat the purpose of seperate mailing lists? ... managing one's own mailbox onto someone other than the mailbox owner? ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: /proc/net info ?
... rt_cache and softnet_stat are for what purpose ... Be smarter than spam. ... junk email the boot with the All-new Yahoo! ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: How to create a debian-Cd like a standard
... I create a debian Cd from a selected packages for my own purpose, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
(Debian-User)