I know I am new at this so here is my question: -I set up bastille + firestarter (2 better than one isn't it) - I have snort with acidlab -I have portsentry
Acidlab reports lots of attempts through an ISP in Sweden apparently. I believe that my setup is correct and the attempts (not enough time to get familiar with acidlab) are useless. The ip address of these "attempts" is 80.xxx.xxx.x. Now, I was thinking in blocking this as follows. iptables -A INPUT -s 80.xxxx -j DROP Is this correct? can I add this rule at boot time? Is there a way to do it on firestarter? I don't even know if I am doing the right. Thanks, Joe M.
