Now, xt_geoip is never loaded (nor are the other ones).
Vieri
Dear Vieri
Could you please explain why you don't want the module xt_geoip to be
loaded? For Linux system, loading it really doesn't matter. This loaded
module takes about 16KB in RAM, so as much as nothing, and really in
combination with GeoIP lists it "does the job". I have an internet-open
port tcp/22 on which OpenSSH daemon works. How do you think almost 90%
of bruteforce logins come from? As not otherwise, only from CN ;-)
Combined with the fai2ban program the threat is solved. Attackers are
being blocked by dynamically adding addresses to the Shorewall blacklist
when they try to log on badly.
Best regards
Witek
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
