Re: IRC [message #16026 is a reply to message #16019]
Sat, 18 August 2007 21:42
locutius
Messages: 125 Registered: August 2007
Senior Member
iptables is a bitch because all the time you must keep a clear record of your rulez and for any configuration worthy of a modern webserver the rulez get long and complex to read
as a basic requirement for any server facing the cloud i recommend advanced policy firewall http://rfxnetworks.com/apf.php it is a simple to use intuitive script for loading rules into iptables
in addition to dynamic rules there are static global rules which can be used to load blocklists into iptables. i have servers blocking 2.6 million IPs or 64% of the net in the kernel at very very very small cost (5% cpu)
you can easily obtain lists of IRC networks and other nasty stuff. ipfiltering those bad guys will make your server most unattractive to anyone who needs a server to run evil IRC
btw your host's attempts are ridiculous, slap him
EDIT:
to be clear, there is nothing wrong with local irc as a service. it is everything and the evil that comes with irc you don't want. my best guess is what you want is to remove the possibility the VPS are used to join evil undernet etc and if eggdrops are installed then they are limited. the above iptables solution will do that for you and more. NOTE: enable egress filtering
[Updated on: Sat, 18 August 2007 21:57]
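An added example, not part of the original post and not APF's own code: a sketch of the blocklist-plus-egress idea using plain iptables rules. It parses a blocklist, merges duplicate and overlapping ranges so the rule count stays small, and emits `iptables-restore` input that drops outbound traffic to those ranges. The chain name `BLOCKLIST_OUT`, the sample entries (documentation address ranges) and the assumption that VPS traffic crosses the host's FORWARD chain are all illustrative.

```python
import ipaddress

# Constructed sample blocklist (documentation ranges, not real IRC networks).
SAMPLE_BLOCKLIST = """\
# constructed example entries
192.0.2.0/25
192.0.2.128/25      # adjacent to the line above, merges into one /24
198.51.100.7
198.51.100.7        # duplicate
203.0.113.0/24
203.0.113.64/26     # already covered by the /24
not-an-address
"""

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, rejected entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            # strict=False accepts bare hosts and entries with host bits set
            nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            rejected.append(entry)             # report, never load, bad lines
    # collapse_addresses removes duplicates and merges adjacent/covered ranges
    return list(ipaddress.collapse_addresses(nets)), rejected

def to_iptables_restore(nets, chain="BLOCKLIST_OUT"):
    """Build iptables-restore input that filters egress by destination."""
    lines = ["*filter", f":{chain} - [0:0]"]
    # Egress hooks: OUTPUT for the host itself, FORWARD for traffic the host
    # routes on behalf of its VPS containers (assumption, see lead-in).
    lines += [f"-A OUTPUT -j {chain}", f"-A FORWARD -j {chain}"]
    lines += [f"-A {chain} -d {net} -j DROP" for net in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    networks, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    print(to_iptables_restore(networks), end="")
    print("# rejected entries:", bad)
```

The output is meant to be reviewed and then loaded with `iptables-restore --noflush`, so that existing rules are left in place.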