On Tue, Dec 05, 2006 at 07:12:42PM -0500, Brian McEwen wrote:
> On Dec 5, 2006, at 3:37 PM, Michael Gorsuch wrote:
> 
> > I like the idea of dynamically blocking the single IP for a period  
> > of time.
> >
> > I generally think blocking an entire network is a *bad thing*,  
> > considering that any number of potential 'good' users could be on  
> > that as well.
> 
> I was recently traveling in S America, and was unable to get to my  
> server for a while as I had moved into an area that for which I had  
> manually blocked the whole /16.   grumble.
> 
> I am revisiting the idea of setting up the denyhosts or other script  
> with an auto timeout, so I'd block just bad IPs, and even then have a  
> time limit (weeks/month/whatever) before allowing at least a few  
> connections again.

i'm new to netbsd (been using freebsd on a more or les closed
environment for some 10 years and qnx in a closed, no outside
connectivity whatever for 6-8 years before .. over all i'm green when
it comes to internet connectivity and firewall stuff in general .. i'd
very much appreciate some ideas script fragments implementation plans
whatever .. please.

i recently cut my /24 adress block down to a manageble
(traffic/accessability for the small client base) /28 (umm 16 with 14
usable hosts). the traffic on a 24/7 pppd connection is getting
somewhat horendious .. i remember when the growing usenet feed was the
bigest component of the billable traffic incoming traffic .. grouch. 

very much appreciate any assistance help you can show a begginger.

muchly appreciated, most kind regards

jonathan

seasons greetings and best wishes for the coming new year

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====