Qnewbie

Based on the information from bublestar&ckleea C-hings, it is recommended to use iptables to block ip addresses with following commands:

1. iptables -I INPUT -m iprange --src-range 119.176.0.0-119.191.255.255 -j DROP
   
2. iptables -I INPUT -m iprange --src-range 60.166.0.0-60.175.255.255 -j DROP
   
3. iptables -I INPUT -m iprange --src-range 202.99.121.0-202.99.121.255 -j DROP
   
4. iptables -I INPUT -m iprange --src-range 95.211.0.0-95.211.255.255 -j DROP
   
5. iptables -I INPUT -m iprange --src-range 174.132.0.0-174.133.255.255 -j DROP
   
6. iptables -I INPUT -m iprange --src-range 222.232.0.0-222.239.255.255 -j DROP
   
7. iptables -I INPUT -m iprange --src-range 202.102.0.0-202.102.127.255 -j DROP
   
8. iptables -I INPUT -m iprange --src-range 95.154.248.0-95.154.251.255 -j DROP
   
9. iptables -I INPUT -m iprange --src-range 188.161.128.0-188.161.255.255 -j DROP
   
10. iptables -I INPUT -s 79.114.199.69 -j DROP
    
11. iptables -I INPUT -s 64.156.192.26 -j DROP
    
12. iptables -I INPUT -s 202.129.0.9 -j DROP
    
13. iptables -I INPUT -s 62.152.60.70 -j DROP
    
14. iptables -I INPUT -s 82.220.3.13 -j DROP

複製代碼

bubblestar

回復 585# Qnewbie


   
Last night, I also updated to svn 506 which was released 87 minutes soon after I got svn 505 .  Quite hot and fresh.

Is your update process smoother than the previous release?

bubblestar

回復 586# Qnewbie


    Very good settings.  Don't know how many items that we can input into the iptables. Does anyone know about it?

ckleea

回復  Qnewbie


    Very good settings.  Don't know how many items that we can input into the iptab ...
bubblestar 發表於 2011-4-10 09:57

If you are in a server, it is just a plain text file. Virtually unlimited.
remember to put those blocked ips at the top or beginning, and then accepted IP. Otherwise, it will get through.

Qnewbie

回復 587# bubblestar


    Yes, the update process is smooth than svn 437.

I don't know how many rules can be added. As Ckleea C-hing, said, hope it would add quite a lot(there are quite many space left for persisten). However, it requires more CPU power as the list grows.

ckleea

How about the stability and do you try the n2n functon?

雯雯 is interested

Qnewbie

回復 591# ckleea


    I don't implement n2n to retain (reduce) the size of firmware(8.0 MB).

I can compile a newer one to include n2n & iptables and report the size latter.

Qnewbie

The size is 8.1 MB.

下載 (60.01 KB)
packagelist

2011-4-10 17:30

ckleea

You may need the TIFF2PDF if you want fax,

亞星

我隻 IP01 過唔到一個月尋晚終於俾人玩到 reboot 咗

bubblestar

都唔錯喎，差不多一個月唔使reboot。你個IP01任人入去玩reboot? 用新版就有呢樣好，分開Operator Panel 及 Admin Mode。

今次SVN506 好爽，令我有些重拾第一次用Switchfin時的快速感覺。

Gmail應該是可以用的，但仲未知點樣設定。

Qnewbie

The buttons for Outgoing Calling Rules don't work.

bubblestar

回復 597# Qnewbie


   
Mine is working fine.  

角色

Since I am lacking of time to compile and my system partition is too small to perform the make image task, bubblestar let me have his compipiled copy.

It is very easy to upgrade it on my ip01 without any problem encountered. However I observed that the version 506M. What does it mean for the letter 'M'? Is it a maintenance version?

YH

Qnewbie

Recompile with n2n & iptables with custom kernel setting, the buttons for Outgoing Calling Rules come back.

Currently, I don't apply the stability test as 亞星 does.

M could stand for many things, maintenance, modification, or why not McDonald's