Subj : Re: Linux, MIS, and Automatic IP Blocking (A Solution)
To   : Scott Street
From : Christian Sacks
Date : Tue Jul 02 2024 04:59 pm

On 01 Jul 2024, Scott Street said the following...
 
 SS> So the basic flow of this process.
 SS> 1) MIS decides to block a given IP because it violates the connection
 SS> attempt rules set in the individual server configuration table.
 SS> 2) MIS executes the "IP Blocked" event, which adds the IP to the list
 SS> 3) Every 5 mins, the cron job runs and adds all the queued IPs to the
 SS> iptables input filter, and after the new list of IPs have been added,
 SS> makes them persistent across restarts with netfilter-persistent.
 SS> 
 SS> You can track the activity of this process using your system log -
 SS> journalctl for me, I'm on Debian 12 (bookworm). 
 SS> 
 SS> I hope you find this useful,  especially those of you running some
 SS> flavor of Linux.  Also: some filename and directories have been changed
 SS> from my actual to simplify this message.

I think on the whole this is a nice approach, however what happens when Mystic 
accidentally blacklists your own IP, or it'self? Then you have iptables 
blocking you out and you won't be able to get back in =)

Can you modify that to only block on the ports you have for telnet/ssh to the 
BBS (assuming SSH to the bbs is different to SSH to the cli).

.... Redundant book title: DOS For Dummies

--- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
 * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (2:250/5)

.