If you should never get a request outside the US why should you look any further to deny it? This is not complete protection by any measure but it makes an easy first step. I used to go one step further and block my dynamic hosted websites (where you don't get to mess with iptables) from being touched by people out side their target zone (usually US and Canada). It immediately cuts the number of admin.php request by more then half ;) That said you still need additional protection for ips you do allow through to the next set of rules. -----Original Message----- From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Craig White Sent: Monday, March 30, 2009 8:39 AM To: Main PLUG discussion list Subject: Re: starting by iptable deny all of china is a good start. - Re:OT? Linux-based trojans now targeting WRT and other linux-based routers On Mon, 2009-03-30 at 08:30 -0400, kitepilot@kitepilot.com wrote: > And how do I: > "starting by iptable deny all of china" ? > > I can figure out the "iptable" part, it is the "china" part (and other > possible places where I know I will only get spam from) that I am > unaware of... ---- I do not believe that this is constructive thinking. It's easy enough for someone in China to use a computer somewhere else as a base for operations and that security doesn't come from just arbitrarily picking ranges of ip addresses to block. Security would necessarily require effectiveness from virtually everywhere - possibly even your own 'trusted' lan. Spam control on the other hand doesn't rely much on iptables at all but rather many layers of implementation such as RBL's, greylisting (optional but effective), spamassassin, smtp level restrictions and more. Craig --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss