could you please elaborate on how you have iptables setup to work that way? <br><br><div class="gmail_quote">On Wed, Mar 30, 2011 at 4:11 PM, Gordon Henderson <span dir="ltr"><<a href="mailto:gordon%2Basterisk@drogon.net">gordon+asterisk@drogon.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Wed, 30 Mar 2011, Terry Brummell wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I think you will find Fail2Ban the defacto standard.<br>
</blockquote>
<br></div>
I don't use fai2ban. Never have, never will because I simply don't need it.<br>
<br>
Standard iptables are good enough if you can be bothered to use them to their full abilities. No need for anything else as iptables can do connection tracking and blocking against time - just like fail2ban does. More than X connections a second/minute/hour from a given IP address? Yes, iptables can detect and block that. Works for all protocolls too - SIP, IAX, POP, SSH, etc.<br>
<br>
Gordon<br><font color="#888888">
<br>
--</font><div><div></div><div class="h5"><br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div></div></blockquote></div><br>