Is there an easy way to maintain a general blacklist? I get a lot of general sniffing and anon-ftp attempts from Germany and Denmark on a box that doesn't support anonymous connections, and only hosts sites serving customers in the US, so I would like to block those IPs in the future.
I've just been (manually) adding IPs to my IPChains configuration but this seems like the hard way... Is there an easier and/or better way? I'm running a RedHat 7.2 box that's already blocking everything but SSH, HTTP, FTP and POP/SMTP using IPChains. SMTP relaying is limited by TCPServer (for qmail). I guess a good side topic is: am I overreacting by blacklisting these IPs? Is there a more reasonable way to go (say, limiting them to port 80 & 25 only?). I'd appreciate thoughts on that as well. Thanks for the assist, V --
