Path: ...!npeer.as286.net!npeer-ng0.as286.net!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail From: Jan Panteltje Newsgroups: sci.electronics.design Subject: Re: Chinese downloads overloading my website Date: Mon, 11 Mar 2024 09:53:44 GMT Message-ID: References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com> MIME-Version: 1.0 Content-Type: text/plain; ISO-8859-15 Content-Transfer-Encoding: 8bit Injection-Date: Mon, 11 Mar 2024 09:53:45 -0000 (UTC) Injection-Info: solani.org; logging-data="1299547"; mail-complaints-to="abuse@news.solani.org" User-Agent: NewsFleX-1.5.7.5 (Linux-5.15.32-v7l+) Cancel-Lock: sha1:USAPJ8s9GNKS8qoBAF46raWJr44= X-Newsreader-location: NewsFleX-1.5.7.5 (c) 'LIGHTSPEED' off line news reader for the Linux platform NewsFleX homepage: http://www.panteltje.nl/panteltje/newsflex/ and ftp download ftp://sunsite.unc.edu/pub/linux/system/news/readers/ X-User-ID: eJwFwQcBACAIBMBK8gwhDkP6R/BO2cj6iqmJru5Sgh76RE5fVDWtR7+w4mUpn6MlLw3jfDUaWX4iYjEw9g9xMBXL Bytes: 3785 Lines: 90 On a sunny day (Mon, 11 Mar 2024 06:43:34 -0000 (UTC)) it happened jim whitby wrote in : >You may find the file: > >/etc/hosts.deny > >useful in this case, you can block by name(s) or ip(s). >Man hosts,deny >for more info I wrote a small script years ago using Linux iptables to reject bad IP adresses. raspberrypi: ~ # cat /usr/local/sbin_pi_95/ireject # this is called to add a input deny for an IP addres to ipchains, # and save the configuration. if [ "$1" = "" ] then echo "Usage: reject IP_address" exit 1 fi # OLD ipchains ##ipchains -A input -s $1 -l -j REJECT #ipchains -L ##ipchains-save > /root/firewall ##echo "reject: ipchains configuration written to /root/firewall" #iptables -A INPUT -s $1 -p all -j REJECT #iptables -A INPUT -s $1 -p all -j DROP echo "executing iptables -A INPUT -s $1 -p all -j DROP" iptables -A INPUT -s $1 -p all -j DROP echo "executing iptables -A OUTPUT -s $1 -p all -j REJECT" iptables -A OUTPUT -s $1 -p all -j REJECT iptables-save > /root/firewall2 exit 0 Therr is an other one 'load_firewall somewhere. raspberrypi: ~ # cat /usr/local/sbin_pi_95/load-firewall iptables -F #/sbin/ipchains-restore < /root/firewall /sbin/iptables-restore < /root/firewall2 There were many many entries in /root/firewall back then, daily work to keep track of attacks. Now I am on a dynamic IP address and the website is handled by a company, saves a lot of time. Things evolve all the time, iptables sets this Raspberry Pi with 8 GB memory as router too, runs with a Huawei 4G USB stick with IP 192.168.8.100 for net connection, anywhere in Europe I think, an other script: raspberrypi: # cat /usr/local/sbin/start_4g_router #!/usr//bin/bash iptables -F route add -net 192.168.0.0/16 dev eth0 echo 1 >/proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING ! -d 192.168.0.0/16 -o eth1 -j SNAT --to-source 192.168.8.100 sleep 1 ifconfig eth0 down sleep 1 ifconfig eth0 192.168.178.1 up sleep 1 vnstat -i eth1 -s sleep 1 # default is set to 192.168.8.1, using 8.8.8.8 and 8.8.4.4 google name server lookup cp /etc/resolv.conf.GOOGLE /etc/resolv.conf sleep 1 # reduce swapping sysctl vm.swappiness=5 echo "ready" There is more, but then again, things change over time too.