Article <usmkb9$17l2r$1@solani.org>

Deutsch English Français Italiano
<usmkb9$17l2r$1@solani.org>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!npeer.as286.net!npeer-ng0.as286.net!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: Jan Panteltje <alien@comet.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Chinese downloads overloading my website
Date: Mon, 11 Mar 2024 09:53:44 GMT
Message-ID: <usmkb9$17l2r$1@solani.org>
References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com>	<6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com> <usec35$130bu$1@solani.org>	<u14quid1e74r81n0ajol0quthaumsd65md@4ax.com> <usjiog$15kaq$1@solani.org>	<t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com> <usm6v6$17e2c$1@solani.org> <usm96m$3fkqg$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; ISO-8859-15
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 11 Mar 2024 09:53:45 -0000 (UTC)
Injection-Info: solani.org;
	logging-data="1299547"; mail-complaints-to="abuse@news.solani.org"
User-Agent: NewsFleX-1.5.7.5 (Linux-5.15.32-v7l+)
Cancel-Lock: sha1:USAPJ8s9GNKS8qoBAF46raWJr44=
X-Newsreader-location: NewsFleX-1.5.7.5 (c) 'LIGHTSPEED' off line news reader for the Linux platform
 NewsFleX homepage: http://www.panteltje.nl/panteltje/newsflex/ and ftp download ftp://sunsite.unc.edu/pub/linux/system/news/readers/ 
X-User-ID: eJwFwQcBACAIBMBK8gwhDkP6R/BO2cj6iqmJru5Sgh76RE5fVDWtR7+w4mUpn6MlLw3jfDUaWX4iYjEw9g9xMBXL
Bytes: 3785
Lines: 90

On a sunny day (Mon, 11 Mar 2024 06:43:34 -0000 (UTC)) it happened jim whitby
<mr.spock@spockmall.net> wrote in <usm96m$3fkqg$1@dont-email.me>:

>You may find the file:
>
>/etc/hosts.deny
>
>useful in this case, you can block by name(s) or ip(s).
>Man hosts,deny
>for more info

I wrote a small script years ago using Linux iptables to reject bad IP adresses.

raspberrypi: ~ # cat /usr/local/sbin_pi_95/ireject
# this is called to add a input deny for an IP addres to ipchains,
# and save the configuration.

if [ "$1" = "" ]
then
        echo "Usage: reject IP_address"
        exit 1
fi

# OLD ipchains
##ipchains -A input -s $1 -l -j REJECT
#ipchains -L
##ipchains-save > /root/firewall
##echo "reject: ipchains configuration written to /root/firewall"

#iptables -A INPUT -s $1 -p all -j REJECT
#iptables -A INPUT -s $1 -p all -j DROP 

echo "executing iptables -A INPUT -s $1 -p all -j DROP"
iptables -A INPUT -s $1 -p all -j DROP 

echo "executing iptables -A OUTPUT -s $1 -p all -j REJECT"
iptables -A OUTPUT -s $1 -p all -j REJECT

iptables-save > /root/firewall2

exit 0

Therr is an other one 'load_firewall somewhere.
raspberrypi: ~ # cat /usr/local/sbin_pi_95/load-firewall
iptables -F
#/sbin/ipchains-restore < /root/firewall
/sbin/iptables-restore < /root/firewall2



There were many many entries in /root/firewall back then, daily work to keep track of attacks.
Now I am on a dynamic IP address and the website is handled by a company,
saves a lot of time.

Things evolve all the time, iptables sets this Raspberry Pi with 8 GB memory as router too,
runs with a Huawei 4G USB stick with IP 192.168.8.100 for net connection, anywhere in Europe I think,
an other script:

raspberrypi: # cat /usr/local/sbin/start_4g_router
#!/usr//bin/bash

iptables -F

route add -net 192.168.0.0/16 dev eth0

echo 1 >/proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING ! -d 192.168.0.0/16 -o eth1 -j SNAT --to-source 192.168.8.100
sleep 1

ifconfig eth0 down
sleep 1

ifconfig eth0 192.168.178.1 up
sleep 1

vnstat -i eth1 -s
sleep 1

# default is set to 192.168.8.1, using 8.8.8.8 and 8.8.4.4 google name server lookup
cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
sleep 1

# reduce swapping
sysctl vm.swappiness=5

echo "ready"


There is more, but then again, things change over time too.