Re: [tlug] iptable blocking IP addresses

[Godwin Stewart <gstewart@example.com>]

On Sun, 22 Feb 2004 18:57:48 -0800 (PST), Gerald Naughton
<naughton123@example.com> wrote:

> Now when I look at my logs
> I see that 
> inetnum:      61.140.0.0 - 61.143.255.255
> netname:      CHINANET-GD
> 
> is trying to access ports etc

You'll find that the whole of China is a huge sewage pit, with Korea,
France[1] and the whole of LACNIC[2] not much cleaner. The IP ranges
allocated to China and Korea are available at http://blackholes.us.

If you have the leisure of cutting these zones off altogether you should
achieve lossless compression of your logs with no degradation of your
Internet experience.


[1] - If you can't cut off the whole of France, at least cut off wanapoo.fr.
      BIND zonefile available - easy enough to convert to iptables rules.

[2] - BIND zonefile available here too.

-- 
G. Stewart   --   gstewart@example.com -- gstewart@example.com
Registered Linux user #284683 (Slackware 9.0, Linux 2.4.24)
--------------------------------------------------------------
I haven't lost my mind; I know exactly where I left it.

Attachment: pgp00078.pgp
Description: PGP signature