auto dropping excessive traffic using iptables

mlewis · 06-15-2011, 07:10 PM

When someone runs a script against some of our web servers, I end up having to manually log into a number of servers so that I can add something like;

iptables -A INPUT -p ALL -s x.x.x.x/x -j REJECT

Needless to say, that is a bit much because for one, I'm not always near the servers and two, it's a manual task.

Is there some way of automating this? I'm sure there are programs out there which do this, just don't know which that aren't heavily complex for this simple task.

Thanks.

kbp · 06-15-2011, 08:17 PM

There are a few possible solutions - take a look at fail2ban for a start. You could also add rate-limiting for iptables, there are plenty of tutorials available.

cheers

mlewis · 06-15-2011, 08:46 PM

Quote:

Originally Posted by kbp

There are a few possible solutions - take a look at fail2ban for a start. You could also add rate-limiting for iptables, there are plenty of tutorials available.

cheers

I'm familiar with fail2ban but I'm hoping for something very simplified for this process. Just wondered if there was something out there, often is when it comes to Linux.

I'll look into rate limiting but I'm almost sure I tried that once but it didn't work for some reason. The connections I'm wanting to drop would be to port 80 and 443 only. Basically, someone running a script looking for paths and software.
Maybe it didn't work out then because how could it know that it was a legit http connection or not.