Тема: Iptables въпрос (Прочетена 3210 пъти)

« **Отговор #15 -:** Jul 13, 2006, 15:51 »

btw тия списъци имат ли ограничения откъм големина? Логично хрумват някои лоши идеи ако е така...

VladSun · « **Отговор #16 -:** Jul 13, 2006, 16:25 »

Примерен код

man iptables

recent
........
The module itself accepts parameters, defaults shown:

   ip_list_tot=100
   Number of addresses remembered per table

   ip_pkt_list_tot=20
   Number of packets per address remembered

   ip_list_hash_size=0
   Hash table size. 0 means to calculate it based on ip_list_tot, default: 512

   ip_list_perms=0644
   Permissions for /proc/net/ipt_recent/* files

   debug=0
   Set to 1 to get lots of debugging info

Хм, сега ми направи впечатление съществуването на hash таблица - може би все пак не го правят линейно търсенето

'>

VladSun · « **Отговор #17 -:** Jul 13, 2006, 16:37 »

Още една дискусия по въпроса: тема

VladSun · « **Отговор #18 -:** Jul 14, 2006, 03:21 »

/off
Лесно решение на проблема с препълването на таблиците на ipt_recent:

Примерен код

#!/usr/bin/perl

sub clear_recent
{
   ($file_name, $last_time) = @_;

   open(IN, '/proc/net/ipt_recent/'.$file_name) || die "Can't open ".$file_name;
   @rec_file = <IN>;
   close (IN);
   foreach (@rec_file)
   {
   chomp($_);
   $_ =~ /^src=(\d+.\d+.\d+.\d+) ttl: \d+ last_seen: (\d+)/;
   $ip = $1;
   $last_seen = $2;

   if ($last_seen < $last_time)
   {
   `echo -$ip > /proc/net/ipt_recent/$file_name`;
   }
   }
}

$last60s = time - 60*1000;
$last20s = time - 20*1000;

clear_recent("bad_ssh", $last60s);
clear_recent("bad_smtp", $last20s);

* имам 2 таблици - за ssh и smtp - iptables правилата за едната е с време на блокаж 60 сек., другата е 20 сек.

И се изпълнява на всеки 5 мин. прим. (мисля, че е достатъчно ефективно)

« **Отговор #19 -:** Jul 14, 2006, 13:48 »

Цитат (VladSun @ Юли 13 2006,14:00)

Ето ти една Стара тема.

'>

ПП: Пробвай след това с ShieldsUP

Vladsun гледам че си описал Gain.Gator но ми се струва че е по-добре да се опишат сайтовете с ad-ware и spyware в
/etc/hosts

127.0.0.1 207-87-18-203.wsmg.digex.net
127.0.0.1 Garden.ngadcenter.net
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 ResponseMedia-ad.flycast.com
127.0.0.1 Suissa-ad.flycast.com
127.0.0.1 UGO.eu-adcenter.net
127.0.0.1 VNU.eu-adcenter.net
127.0.0.1 a32.g.a.yimg.com
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimage.blm.net
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banners.easydns.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.wunderground.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cds.mediaplex.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 fp.valueclick.com
127.0.0.1 oz.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gm.preferences.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images2.nytimes.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpc.usads.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.preferences.com
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 rd.yahoo.com
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 regio.adlink.de
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 s2.focalink.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 spin.spinbox.net
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 sview.avenuea.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 http://www.PostMasterBannerNet.com
127.0.0.1 http://www.ad-up.com
127.0.0.1 http://www.admex.com
127.0.0.1 http://www.alladvantage.com
127.0.0.1 http://www.burstnet.com
127.0.0.1 http://www.commission-junction.com
127.0.0.1 http://www.eads.com
127.0.0.1 http://www.freestats.com
127.0.0.1 http://www.imaginemedia.com
127.0.0.1 http://www.netdirect.nl
127.0.0.1 http://www.oneandonlynetwork.com
127.0.0.1 http://www.targetshop.com
127.0.0.1 http://www.teknosurf2.com
127.0.0.1 http://www.teknosurf3.com
127.0.0.1 http://www.valueclick.com
127.0.0.1 http://www.websitefinancing.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com

то вярно че и темата която си дал за пример е старичак но все пак пък и списъка който давам по-горе не е пълен

'>

Подобни теми
	Заглавие	Започната от	Отговора	Прегледи	Последна публикация
	Iptables Настройка на програми	mozly	1	11893	Dec 10, 2002, 23:48 от Vency
	iptables Настройка на програми	sunhater	3	11879	Apr 23, 2003, 15:02 от sunhater
	iptables Настройка на програми	dumdum	4	13353	Apr 30, 2003, 10:40 от dumdum
	IPTABLES Настройка на програми	achird	2	12353	May 20, 2003, 14:14 от achird
	iptables Настройка на програми	dumdum	2	10740	May 03, 2003, 17:00 от

Автор Тема: Iptables въпрос (Прочетена 3210 пъти)