Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 01-28-2009, 11:02 AM   #1
LQ Newbie
Registered: Jan 2009
Posts: 13

Rep: Reputation: 0
Debian Lenny - iptables+dnsbl/rbl check


Is it possible to set up iptables so that I can add filters to specific ports so that iptables checks whether the connecting IP is on an RBL or DNSBL?
If it's not, allow the IP to connect; if it's on the list, block it and log the event.

Thank you for your help.

PS: I already tried, but then I get the error "mysqld[3432]: warning: /etc/hosts.deny, line 20: open /usr/local/bin/checkdnsbl: Too many open files". Can I raise the open files limit without causing problems, or is this dangerous?
Old 01-29-2009, 08:00 PM   #2
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547
As far as I know the DNS-bl is for ISP-only use and RBLs are usually associated with MTA-usage, not Netfilter. Checkdnsbl is a shell script (interpreted), doesn't use 'mktemp', works only if your `man 5 hosts_access` uses "aclexec" (not spawn) and caches queries by sleeping each for 5 minutes (default). So if you would deploy it for all services on a host that sees lots of connections you'll notice 'sleep' processes the amount of unique IP addresses it checks times the services that get hit. Not that I know of any alternative (the closest I've come to remote checks is but that's not what you're looking for) and I've seen better methods to wreck performance :-] Why not just use RBLs with your MTA, block ingress and egress bogons, use iptables modules like "recent", deploy Snort with an access blocker, anything but this... makes me wonder (this being the Linux Security forum) what you would get out of it security-wise anyway?.. (and welcome to LQ BTW, hope you like it here)
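The two posts above describe the mechanics under discussion without showing them: a DNSBL lookup is a DNS query for the connecting address with its octets reversed under the list's zone, a listed address answers with an A record in 127.0.0.0/8, and checkdnsbl "caches" by leaving a sleeping process per address. The following is an added example written for this thread, not the checkdnsbl script or anything from the original posts. It builds the query name, classifies the answer, and keeps an in-memory result cache with a TTL instead of a sleeping process per address. The zone name `dnsbl.example.invalid`, the sample addresses from 192.0.2.0/24, and the `resolver`/`clock` parameters (present so the lookup can be exercised without network access) are all assumptions made for the example.

```python
import ipaddress
import socket
import time
from typing import Callable, Dict, Tuple

# Hypothetical zone used only for illustration; a real deployment would use
# the zone of whichever list it subscribes to.
EXAMPLE_ZONE = "dnsbl.example.invalid"

# Conventional DNSBL answer range: any A record inside this block means "listed".
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")

Resolver = Callable[[str], str]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: IPv4 octets reversed, then the list zone.

    Raises ValueError for anything that is not a valid IPv4 address, so a
    caller never sends arbitrary text into a DNS query.
    """
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def answer_means_listed(answer: str) -> bool:
    """Classify a DNSBL A-record answer; unparsable answers count as not listed."""
    try:
        return ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return False


def _system_resolver(name: str) -> str:
    # Real lookup through the system resolver; raises socket.gaierror on NXDOMAIN.
    return socket.gethostbyname(name)


class DnsblChecker:
    """Cached DNSBL lookups: one query per address per TTL, no sleeping processes."""

    def __init__(self, zone: str, resolver: Resolver = _system_resolver,
                 ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._zone = zone
        self._resolver = resolver
        self._ttl = ttl_seconds
        self._clock = clock
        # ip -> (listed, cache entry expiry time)
        self._cache: Dict[str, Tuple[bool, float]] = {}

    def is_listed(self, ip: str) -> bool:
        now = self._clock()
        cached = self._cache.get(ip)
        if cached is not None and cached[1] > now:
            return cached[0]
        name = dnsbl_query_name(ip, self._zone)
        try:
            listed = answer_means_listed(self._resolver(name))
        except socket.gaierror:
            listed = False          # NXDOMAIN: the address is not on the list
        except OSError:
            listed = False          # timeout or resolver failure: fail open
        self._cache[ip] = (listed, now + self._ttl)
        return listed

    def decide(self, ip: str) -> Tuple[str, str]:
        """Return the verdict and a log line, mirroring 'allow, or block and log'."""
        if self.is_listed(ip):
            return "DROP", f"dnsbl: {ip} listed in {self._zone}, connection blocked"
        return "ACCEPT", f"dnsbl: {ip} not listed in {self._zone}"


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is listed, 192.0.2.20 is not.
    sample_answers = {dnsbl_query_name("192.0.2.10", EXAMPLE_ZONE): "127.0.0.2"}

    def fake_resolver(name: str) -> str:
        if name in sample_answers:
            return sample_answers[name]
        raise socket.gaierror("NXDOMAIN")

    checker = DnsblChecker(EXAMPLE_ZONE, resolver=fake_resolver)
    for candidate in ("192.0.2.10", "192.0.2.20"):
        verdict, line = checker.decide(candidate)
        print(verdict, "-", line)
```

On a resolver timeout the example fails open (treats the address as not listed) so a dead list cannot take a service offline; a site that prefers to fail closed on a sensitive port would return `True` in the `OSError` branch instead. Either way the result is cached for the TTL, so a burst of connections from one address costs one query rather than one process per connection.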
Old 01-30-2009, 02:18 AM   #3
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
packetbl does exactly what you're asking.
Old 01-31-2009, 06:42 AM   #4
LQ Newbie
Registered: Jan 2009
Posts: 13

Original Poster
Rep: Reputation: 0
thanks for the help :-)


debian, iptables, lenny
