On Tue, Feb 1, 2011 at 6:28 PM, Anna <ascho...@gmail.com> wrote:
> My test XS at home has a FQDN and is open to the outside. Therefore this is
> probably a pretty rare issue in XS land, but I thought I'd ask.

In general, I'd keep it closed. It's not designed as a full internet server.

> Getting them into /etc/sysconfig/olpc-scripts/iptables-xs is easy enough. I
> pasted the IP data into a file named banned_ips.txt and ran this little
> script:
>
> #!/bin/bash
> for i in $(< banned_ips.txt); do
>     iptables -A INPUT -s "$i" -j DROP
> done

You could do the same from the init script even.

> Here's my question - is the XS networking going to get wonky with 894 extra
> iptables rules?

Short answer - no.

Slightly longer: no, but if the list grows and starts to cost you in network perf, might be worth looking at ipset
http://www.netfilter.org/projects/ipset/index.html

cheers,

m
--
 martin.langh...@gmail.com
 mar...@laptop.org -- Software Architect - OLPC
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
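The ipset approach mentioned in the reply, as an added example that is not part of the original thread: the ban list is loaded into one set and matched by a single iptables rule instead of one rule per address. The set name `banned`, the `hash:net` set type and the current ipset command syntax are assumptions; `banned_ips.txt` is the file named in the quoted post.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: set name "banned",
# set type hash:net; banned_ips.txt is the file named in the quoted post.

# Constructed sample input (RFC 5737 documentation addresses only).
sample_banlist() {
    printf '%s\n' '# constructed sample' '192.0.2.10' '198.51.100.0/24' \
        '192.0.2.10' '' '203.0.113.999' '203.0.113.7  # trailing comment'
}

# Print an `ipset restore` script for the entries in file $1 (set name $2).
# One IPv4 address or CIDR per line; blank lines, '#' comments and duplicates
# are dropped, malformed entries are reported on stderr and skipped.
gen_ipset_restore() {
    awk -v name="${2:-banned}" '
        function valid(s,   p, o, n, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32))
                return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        BEGIN { print "create " name " hash:net family inet" }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        !valid($0) { print "skipping invalid entry: " $0 > "/dev/stderr"; next }
        !seen[$0]++ { print "add " name " " $0 }
    ' "$1"
}

# Load the set, then make sure a single DROP rule references it (needs root).
# -exist lets the script be re-run against an already populated set.
apply_banlist() {
    gen_ipset_restore "$1" banned | ipset -exist restore &&
    { iptables -C INPUT -m set --match-set banned src -j DROP 2>/dev/null ||
      iptables -I INPUT -m set --match-set banned src -j DROP; }
}

# Usage (as root): apply_banlist banned_ips.txt
```

Validating entries before they reach the firewall keeps one malformed line in the list from aborting the whole load.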