[Bloat] netperf server news
Kenneth Porter
shiva at sewingwitch.com
Tue Oct 6 22:39:54 EDT 2020
--On Tuesday, October 06, 2020 7:52 AM -0400 Rich Brown
<richb.hanover at gmail.com> wrote:
> 3) I would be pleased to get comments on the set of scripts. I'm a newbie
> at iptables, so it wouldn't hurt to have someone else check the rules I
> devised. See the README at https://github.com/richb-hanover/netperfclean
A couple of alternatives to custom scripts are fail2ban and the
rate-limiting modules available for iptables such as hashlimit and recent.
I haven't used fail2ban for rate-limiting, so I'm not sure if it's the right
tool for that, but it monitors log files to add iptables rules for
short-term banning. It's not hard to add your own log monitoring rule. I
haven't used the iptables modules, but they look like a natural solution for
this.
<https://poorlydocumented.com/2017/08/understanding-iptables-hashlimit-module/>
<https://serverfault.com/questions/682045/source-ip-rate-limiting-in-iptables-hashlimit-vs-recent>
Instead of using a unique iptables rule for each blocklist member, I
suggest using an ipset. (I use firewalld as a front-end to iptables so I
let it manage my ipsets, but you can also install ipset's service for use
with raw iptables to save and restore the sets across boots.) Your block
rule could be as simple as this:
iptables -I INPUT 1 -p tcp --dport netperf -m set --match-set \
    NetPerfAbusers src -m conntrack --ctstate NEW -j DROP
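As an added example (not from the message above or the netperfclean project), a small POSIX shell script that combines the two suggestions in that reply: one ipset-backed block rule for the whole banlist and a hashlimit rule for per-source rate limiting of new connections. The set name, port 12865, the rate/burst values and the ban lifetime are assumptions; the functions print the commands so they can be reviewed before being run on the host.

```shell
#!/bin/sh
# Added example, not from the original post or the netperfclean project.
# Prints ipset/iptables commands for review; pipe the output into sh on
# the host to apply them. Names, port and limits are assumptions.
SET_NAME="NetPerfAbusers"   # set name as used in the post
NETPERF_PORT=12865          # assumed netperf control port
RATE="10/minute"            # assumed new-connection rate per source
BURST=20                    # assumed burst allowed before limiting
BAN_SECONDS=86400           # assumed ban lifetime; entries expire by themselves
# Accept only a plain IPv4 dotted quad: the address normally comes from a
# parsed log line and must not reach the shell unchecked.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case "$octet" in ""|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Create the set once (-exist is idempotent) with a default timeout so
# bans age out on their own, like fail2ban's.
ipset_create_cmd() {
    echo "ipset create $SET_NAME hash:ip timeout $BAN_SECONDS -exist"
}

# Ban one validated source address for BAN_SECONDS.
ban_source_cmd() {
    valid_ipv4 "$1" || return 1
    echo "ipset add $SET_NAME $1 -exist"
}

# Rule 1: one rule drops NEW connections from every banned source.
# Rule 2: hashlimit drops NEW connections from a source above RATE.
iptables_rule_cmds() {
    echo "iptables -I INPUT 1 -p tcp --dport $NETPERF_PORT -m set --match-set $SET_NAME src -m conntrack --ctstate NEW -j DROP"
    echo "iptables -I INPUT 2 -p tcp --dport $NETPERF_PORT -m conntrack --ctstate NEW -m hashlimit --hashlimit-name netperf --hashlimit-mode srcip --hashlimit-above $RATE --hashlimit-burst $BURST -j DROP"
}

# Usage: sh script.sh plan [ADDRESS ...]  prints the complete command set.
if [ "${1:-}" = "plan" ]; then
    shift
    ipset_create_cmd
    for addr; do ban_source_cmd "$addr" || echo "# skipped invalid address: $addr" >&2; done
    iptables_rule_cmds
fi
```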