Subj : Re: Linux, MIS, and Automatic IP Blocking (A Solution)
To   : All
From : Christian Sacks
Date : Tue Jul 02 2024 23:59:18

From: nospam.Christian.Sacks@f5.n250.z2.fidonet.org (Christian Sacks)

On 01 Jul 2024, Scott Street said the following...

 SS> So the basic flow of this process.
 SS> 1) MIS decides to block a given IP because it violates the connection
 SS> attempt rules set in the individual server configuration table.
 SS> 2) MIS executes the "IP Blocked" event, which adds the IP to the list
 SS> 3) Every 5 mins, the cron job runs and adds all the queued IPs to the
 SS> iptables input filter, and after the new list of IPs have been added,
 SS> makes them persistent across restarts with netfilter-persistent.
 SS>
 SS> You can track the activity of this process using your system log -
 SS> journalctl for me, I'm on Debian 12 (bookworm).
 SS>
 SS> I hope you find this useful, especially those of you running some
 SS> flavor of Linux. Also: some filenames and directories have been changed
 SS> from my actual to simplify this message.

I think on the whole this is a nice approach, however what happens when
Mystic accidentally blacklists your own IP, or itself? Then you have
iptables blocking you out and you won't be able to get back in =)

Can you modify that to only block on the ports you have for telnet/ssh to
the BBS (assuming SSH to the bbs is different to SSH to the cli)?

..... Redundant book title: DOS For Dummies

--- NewsGate v1.0 gamma 2
 * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
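
Added example, not part of the original thread and not Scott Street's script: a dry-run filter for the queued-IP step that addresses the self-lockout concern raised in the reply, by skipping allowlisted addresses and scoping each DROP rule to the BBS ports. The port numbers, the allowlist addresses and the one-IPv4-address-per-line queue format are assumptions.

```shell
#!/bin/sh
# Added example (not Scott Street's script): build port-scoped DROP rules
# from the queue of blocked IPs, never for an allowlisted address.
# Assumed values: BBS ports, allowlist entries, queue = one IPv4 per line.
BBS_PORTS="23,2222"               # assumed BBS telnet/SSH ports
ALLOWLIST="127.0.0.1 192.0.2.10"  # constructed: loopback + admin address

# Succeeds only for a dotted quad with octets 0-255 and no leading zeros,
# so queue content can never reach iptables as an option or a hostname,
# and every address has exactly one spelling for the allowlist comparison.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads queued addresses on stdin; prints one iptables command per address
# that is valid and not allowlisted. Skips are reported on stderr.
emit_rules() {
    while IFS= read -r ip; do
        if ! is_ipv4 "$ip"; then
            echo "skipped: not an IPv4 address" >&2
            continue
        fi
        case " $ALLOWLIST " in
            *" $ip "*) echo "skipped: $ip is allowlisted" >&2; continue ;;
        esac
        echo "iptables -I INPUT -s $ip -p tcp -m multiport --dports $BBS_PORTS -j DROP"
    done
}

# Dry run: print the commands for a queue file given as the first argument.
if [ -n "${1:-}" ]; then
    emit_rules < "$1"
fi
```

Because each rule matches only the listed TCP ports, an address that is blocked by mistake can still reach the host's own SSH on any port not in BBS_PORTS.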