On 7 Jun 2005, at 20:11, Frank Duignan wrote:
> I was looking for something similar for the same reason - I had hoped to
> limit ssh access to clients from a particular country - apparently NTL
> screws things up for Ireland by using UK assigned IP addresses. Can
> you limit your whitelist to particular addresses and address ranges used
> by known ISPs?
You can use iptables to allow access based on addresses or ranges. I'm
guessing that enough ranges to cover most Irish ISPs would lead to
quite a few iptables rules. Which brings up a question - how well does
iptables scale? Will you start to notice slowdowns with 100 rules?
1000? 10000? I know that this of course depends on the rules, and on
the CPU. And in fact, I suppose if your rules are on state new, as mine
are for ssh, it hardly matters - a further 1 second delay in setting up
an ssh connection wouldn't be a disaster, generally.
Niall
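
The approach discussed in the reply above, as an added example that is not part of the original message: a shell script that turns a list of source ranges into an `iptables-restore` ruleset in which only state NEW packets to port 22 walk the range list. The chain name `SSH_ALLOW` and the ranges (RFC 5737 documentation prefixes, not real ISP allocations) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample ranges (RFC 5737 documentation prefixes), one per line.
SSH_RANGES="192.0.2.0/24
198.51.100.0/24
203.0.113.0/24"

# Succeed only for a.b.c.d/len with each octet 0-255 and len 0-32.
valid_cidr() {
    case "$1" in
        *[!0-9./]*) return 1 ;;   # reject anything but digits, dots, slash
        */*/*) return 1 ;;        # more than one slash
        */*) ;;
        *) return 1 ;;            # no prefix length
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in '') return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                  # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print an iptables-restore ruleset for the ranges in $1 (one per line).
emit_rules() {
    echo "*filter"
    echo ":SSH_ALLOW - [0:0]"     # hypothetical user-defined chain
    # Established traffic is accepted here and never reaches the range list.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the first packet of an ssh connection is checked against the list.
    echo "-A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_ALLOW"
    echo "$1" | while IFS= read -r cidr; do
        [ -n "$cidr" ] || continue
        if valid_cidr "$cidr"; then
            echo "-A SSH_ALLOW -s $cidr -j ACCEPT"
        else
            echo "skipping invalid range: $cidr" >&2
        fi
    done
    echo "-A SSH_ALLOW -j DROP"   # new ssh connections from any other source
    echo "COMMIT"
}

emit_rules "$SSH_RANGES"
```

The script only prints the ruleset and changes no firewall state. Review the output before loading it, since `iptables-restore` by default replaces the existing rules in the table.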