hosts.deny vs arno ip tables blocked hosts
Hi All
A client of mine has a mail server running Gentoo, it has Arno Ip tables installed for the firewall. The person who setup up the server had not loaded anything to block IP addresses with failed login attempts.
I am using denyhosts to block offending IP address. Its amazing how many attempts from people there are to log into the server.
Dnyhosts adds the offending IP addresses to hosts.deny. I have taken to also adding ip's to the blocked hosts in arno ip tables when I have seen attempts in the log files.
Which is the better place to do it? I manually restart Arno Ip tables each time I add an ip address there.
Is it possible to block IP addresses using wildcards. I want to essentially block all attempts from, 103.41.x.x. I have noticed a pattern where the last part of the IP address changes so ideally I want to block all ip address in that range.
Thanks in Advance
|