iptables preferred IP block
Hi all,
I am fairly new to this self-hosting so please don't hit me too hard
Can you please provide some of your IP tables IP blocks which you apply on your server?
I am asking because I saw a huge number of strange IP attempts in my Dovecot logs. There are so many of them that they crash Dovecot at some point
BTW, I am using Ubuntu 18 on this server. Is it better to use iptables or firewalld which comes by default with Ubuntu?
Thank you in advance!
Also, if you think that this topic should be moved to some other category, please tell me
Regards,
Igor
Comments
Boss,
You are better off installing and configuring csf. Will make your life a lot easier
https://configserver.com/cp/csf.html
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
Use something like ConfigServer Security & Firewall (csf) or Fail2Ban
If you want to block full country ranges you can get them here: http://ipverse.net
• Temporary Disposable Email •
fail2ban can do most of what you’ll want. If you need to ban large amounts of IPs, may I suggest... ipset for banning with iptables, then iprange to consolidate ranges
The default one for Ubuntu is ufw, has GUI too.
Also try sshguard
I personally prefer firewalld over iptables. It's much easier to deal with, for the most part.
I've been getting some weird CPU consumption issues with sshguard and firewalld on CentOS 8. 41% CPU usage of firewalld on a single core, 1GB VPS until I turn off sshguard. FreeBSD and IPFW seem to be fine, which is the extent of my testing.