Hi Herb,
> Originally, I added it to the iptables rules but that grew too big after a
> while.
>
> Now I run my own RBL that all my mail servers use, besides spamcop and
> spamhaus. It has a mysql database behind it. In the 2 months its been up,
> my perl script has added 43,000 IP addresses to it. Can you imagine an
> iptables rule list that long!
Happened to me as well when I tried that approach. Suddenly just restarting
the firewall took several minutes, as there were tens of thousands of IPs in
the blacklist. :o)
That problem doesn't exist with the approach that uses IPTables and the
"recent" module. All bans/blocks happen instantly, are temporary and expire
by themselves. Adding an address to the banlist or removing it doesn't
require a restart of the firewall itself. Likewise, the entire procedure
happens on the kernel level, so you don't need to parse logfiles
periodically.
--
With best regards,
Michael Stauber
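The "recent" module setup described in the message above, as an added example that is not part of the original thread and not Michael's or Herb's own rules. It assumes (my choices, not the thread's) SMTP on port 25, a list named smtp_abuse, a 600-second window and a threshold of 10 connection attempts; the ipt wrapper prints the rules by default (DRY_RUN=1) so the script can be read and checked without root, and applies them when DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original thread): temporary, self-expiring
# bans on repeated SMTP connection attempts via iptables' "recent" match.
# Assumed values (not from the thread): port 25, list "smtp_abuse",
# 600-second window, 10 SYNs per window.  DRY_RUN=1 (default) only echoes
# the commands so this runs without root; set DRY_RUN=0 to apply them.

DRY_RUN="${DRY_RUN:-1}"
LIST="${LIST:-smtp_abuse}"
PORT="${PORT:-25}"
WINDOW="${WINDOW:-600}"
HITS="${HITS:-10}"     # must not exceed xt_recent's ip_pkt_list_tot (default 20)

# Echo the iptables command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Emit (or apply) the rule set.  Order matters:
#  1. --update matches once the source has HITS entries inside WINDOW and
#     refreshes the entry's timestamp on every hit, so the ban lasts until
#     the source has been quiet for WINDOW seconds.  Use --rcheck instead
#     if the ban should expire a fixed time after the last recorded SYN.
#  2. --set records the source address and lets the packet through, so the
#     first HITS-1 attempts per window are accepted.
# Entries live in the kernel and expire on their own; no log parsing and
# no firewall restart is needed to add or drop a banned address.
build_rules() {
    ipt -N SMTP_LIMIT
    ipt -A INPUT -p tcp --dport "$PORT" --syn -j SMTP_LIMIT
    ipt -A SMTP_LIMIT -m recent --name "$LIST" --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    ipt -A SMTP_LIMIT -m recent --name "$LIST" --set -j ACCEPT
}

# Remove one address from the list by hand, without touching the rules.
# The current list can be inspected with: cat /proc/net/xt_recent/<list>
unban() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "echo -$1 > /proc/net/xt_recent/$LIST"
    else
        echo "-$1" > "/proc/net/xt_recent/$LIST"
    fi
}

build_rules
```

Two caveats worth knowing before relying on this in place of a blacklist: xt_recent keeps at most ip_list_tot addresses per list (100 by default, a module parameter), evicting the oldest, so it rate-limits abusers rather than storing tens of thousands of permanent entries; and the chain above only sees new connections (--syn), so an ESTABLISHED,RELATED accept rule should sit earlier in INPUT as usual. Re-running the script needs the SMTP_LIMIT chain flushed and deleted first, since -N fails on an existing chain.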