I prefer xt_recent instead of adding each banned IP using iptables -I (...).
You need only something like
$IPTABLES_BIN -A INPUT -j DenyAccess
$IPTABLES_BIN -A INPUT -m recent --update --seconds 86400 --name DenyAccess --hitcount 1 -j DROP
and can then add blocked IPs with "echo 1.2.3.4 > /proc/net/xt_recent/DenyAccess".
To remove a single IP, "echo -1.2.3.4 > /proc/net/xt_recent/DenyAccess" will do the job.
Maybe you need to increase the value of "/sys/module/xt_recent/parameters/ip_list_tot".
regards
Florian
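An added example, not part of Florian's post: a small POSIX sh wrapper around the DenyAccess list described above. It keeps the proc path and list name from the post; the function names and the XT_RECENT_* variables are my own. It validates that only a dotted-quad IPv4 address reaches the proc file (a stray string written there is a silent error at best), uses the kernel's explicit "+addr" / "-addr" syntax (a bare address is treated as "+"), and reports how full the list is against ip_list_tot, because xt_recent evicts the oldest entry rather than failing when the table is full. XT_RECENT_DRY_RUN=1 prints the write instead of performing it.

```shell
#!/bin/sh
# Helper for the xt_recent list "DenyAccess" (added example, not from the post).
# Assumes the rule from the post is installed, so /proc/net/xt_recent/DenyAccess
# exists. Paths are overridable so the functions can be exercised without root.
XT_RECENT_LIST="${XT_RECENT_LIST:-/proc/net/xt_recent/DenyAccess}"
XT_RECENT_TOT_FILE="${XT_RECENT_TOT_FILE:-/sys/module/xt_recent/parameters/ip_list_tot}"

# Return 0 only for a dotted quad with four octets in 0..255 (IPv4 only here).
valid_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldIFS=$IFS
    IFS=.
    set -- $ip
    IFS=$oldIFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Write one control line to the list. Kernel syntax: "+addr" adds, "-addr"
# removes, "/" flushes the whole table. In dry-run mode the write is printed.
xt_recent_write() {
    if [ "${XT_RECENT_DRY_RUN:-0}" = 1 ]; then
        printf '%s > %s\n' "$1" "$XT_RECENT_LIST"
    else
        printf '%s\n' "$1" > "$XT_RECENT_LIST"
    fi
}

# Ban an address: refuse anything that is not a well-formed IPv4 address.
deny_add() {
    valid_ipv4 "$1" || { echo "refusing to add '$1': not an IPv4 address" >&2; return 2; }
    xt_recent_write "+$1"
}

# Unban an address, same validation as deny_add.
deny_del() {
    valid_ipv4 "$1" || { echo "refusing to remove '$1': not an IPv4 address" >&2; return 2; }
    xt_recent_write "-$1"
}

# Print "used/total" and return 1 when the table is full. Each entry in the
# proc file is one line starting with "src=", so counting those lines counts
# banned addresses; once used reaches ip_list_tot, new bans push out the
# oldest entry silently.
xt_recent_usage() {
    total=$(cat "$XT_RECENT_TOT_FILE")
    used=$(grep -c '^src=' "$XT_RECENT_LIST" || true)
    printf '%s/%s\n' "$used" "$total"
    [ "$used" -lt "$total" ]
}

# Command-line dispatch, e.g. "./deny.sh add 203.0.113.7" (203.0.113.0/24 is a
# documentation prefix used here as a constructed sample). Does nothing when
# the script is sourced without arguments.
case ${1:-} in
    add)   deny_add "$2" ;;
    del)   deny_del "$2" ;;
    usage) xt_recent_usage ;;
esac
```

Two points worth keeping in mind when running this against the rule from the post: because the rule uses --update, every packet from a listed address refreshes its last-seen time, so a host that keeps connecting never ages out of the 86400-second window on its own and must be removed explicitly with deny_del; and ip_list_tot is a module parameter that is read-only in sysfs, so a larger table has to be set at load time (for example with an options line for xt_recent in modprobe.d) rather than by writing to that file.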