[mythtv-users] Re: atprms.net unreachable? (ip blocking)
Axel Thimm
Axel.Thimm at ATrpms.net
Tue Jun 14 18:48:33 UTC 2005
On Tue, Jun 14, 2005 at 01:44:36PM -0400, Scott wrote:
> On Jun 14, 2005, at 11:10 AM, Axel Thimm wrote:
> >The server blocks any IP that connects more than a dozen times at the
> >same moment (DoS and "download accelerators").
>
> A good feature for internet facing servers but can it be tweaked? I
> think the yum client in FC4 along with some casual browsing is
> triggering IP blocks. Also, yum tends to connect and disconnect
> several times during a transaction which may be affecting things on
> your end.
Disconnecting and reconnecting is OK, the script only checks for >= 20
*concurrent* connections. If yum really behaves improperly, please use
apt.
> If you want to check your logs look for the IP 66.57.80.76 between
> 13:00 and 14:00 ET
If it was blocked it won't reach the logs anymore. I reset the host list.
> You most likely don't hear this enough, thanks for the help and the
> atrpms.net service.
Thanks!
If anyone has a better idea of how to deal with this, here is the
scriptlet used for checking (/etc/rc.local contains the actual
firewalling):
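while /bin/true; do
    # Keep the previous list so changes can be diffed (see the commented diff below)
    /bin/cp -a /etc/blockedhosts /etc/blockedhosts.old
    # Count connections per remote IP on the server's port 80 and append every
    # IP with 20 or more (numeric compare, so counts of 100-199 are caught too)
    netstat -pan | grep '160\.45\.32\.[0-9]*:80' | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n \
        | awk '$1 >= 20 {print $2}' >> /etc/blockedhosts
    # De-duplicate and drop whitelisted hosts (plain sort -u: with -n, addresses
    # sharing their leading "a.b" compare equal and would be merged)
    sort -u < /etc/blockedhosts | grep -vf /etc/whitelist > /etc/blockedhosts.new
    mv -f /etc/blockedhosts.new /etc/blockedhosts
    # Re-apply the firewall rules from the updated list
    /etc/rc.local
    #diff -ud /etc/blockedhosts.old /etc/blockedhosts
    sleep 30
done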
--
Axel.Thimm at ATrpms.net
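
One way to do the per-IP counting as a testable shell function (an added example, not part of the original message and not the ATrpms script): it counts only ESTABLISHED connections to local port 80, compares the count numerically, and matches the whitelist as exact fixed strings. The function names, the threshold argument and the sample data (documentation address ranges) are assumptions made for the example.

```sh
#!/bin/sh
# Added example; over_limit, sample_netstat and all addresses are assumptions.

# over_limit LIMIT WHITELIST
# Reads `netstat -tan` style lines on stdin and prints every remote IPv4
# address holding at least LIMIT ESTABLISHED connections to local port 80,
# except addresses listed (one per line) in the WHITELIST file.
over_limit() {
    limit=$1
    whitelist=$2
    awk -v limit="$limit" '
        # $4 = local addr:port, $5 = remote addr:port, $6 = TCP state
        $6 == "ESTABLISHED" && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # strip the remote port
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit)  # numeric comparison, any magnitude
                    print ip
        }
    ' | grep -Fxv -f "$whitelist" | sort
}

# Constructed netstat output: five clients talking to 192.0.2.10.
sample_netstat() {
    awk 'BEGIN {
        split("198.51.100.7 203.0.113.5 203.0.113.55 198.51.100.9 192.0.2.200", ip, " ")
        split("150 25 20 30 40", n, " ")
        split("80 80 80 80 8080", port, " ")
        split("ESTABLISHED ESTABLISHED ESTABLISHED TIME_WAIT ESTABLISHED", st, " ")
        for (c = 1; c <= 5; c++)
            for (i = 0; i < n[c]; i++)
                printf "tcp 0 0 192.0.2.10:%s %s:%d %s\n", port[c], ip[c], 40000 + i, st[c]
    }'
}

# Demo: 203.0.113.5 is whitelisted; 203.0.113.55 must still be reported.
wl=$(mktemp)
printf '203.0.113.5\n' > "$wl"
sample_netstat | over_limit 20 "$wl"
rm -f "$wl"
```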