On Apr 7, 10:55 pm, Matt Feifarek <matt.feifa...@gmail.com> wrote: > If indeed it is small numbers of IPs, don't forget about tcpwrappers > (hosts.allow and hosts.deny); probably easier to get going than iptables.
tcpwrappers only works for services started from inetd or that have explicit support built in (i.e. some ssh daemons). Apache doesn't have support for hosts.allow/hosts.deny. if it is a small list, he could put entries in .htaccess with: deny from 1.2.3.4 deny from 1.2.4.6 deny from 1.2.6.0/24 deny from 1.2.7 However, the mistake of doing: deny from 1.2.3.* should not be done as the * will specify a wildcard, and cause apache to have to do a reverse DNS lookup for each IP since 1.2.3.domain.com could be considered invalid. The DNS resolution could also create its own mini-DOS. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-disc...@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.