My test XS at home has a FQDN and is open to the outside. Therefore this is probably a pretty rare issue in XS land, but I thought I'd ask.

I noticed my "ambient" rx/tx traffic on eth0 had gone from really low (like 0.1 to 0.7 kB/s) to hovering between 5-20 kB/s. I went through httpd's access_log and error_log and blocked a bunch of IPs that looked kinda sketchy. Chinese and Russian search engine bots, script kiddies looking for phpmyadmin, that kinda stuff.

Of course, I do have robots.txt disallowing all user agents, but we know that's not always respected.

Then I thought, rather than play whack-a-mole with individual IPs, I'll just block China and Russia altogether. However, that brings up another question. Between China: http://www.wizcrafts.net/chinese-iptables-blocklist.html and Russia: http://www.wizcrafts.net/russian-iptables-blocklist.html that's a ton of IP addresses.

Getting them into /etc/sysconfig/olpc-scripts/iptables-xs is easy enough. I pasted the IP data into a file named banned_ips.txt and ran this little script:

#!/bin/bash
for i in $(< banned_ips.txt); do
    iptables -A INPUT -s "$i" -j DROP
done

I didn't mess with iptables-xs.in, as I figured I might need to update and/or straighten stuff out and a simple IP list is a lot easier to manipulate. Of course, restarting iptables reloads iptables-xs.in and the block list is gone from iptables-xs. No big deal, as the above script just takes a couple seconds to run and they're back in there.

Here's my question - is the XS networking going to get wonky with 894 extra iptables rules? I know every incoming connection has to be checked against it, so what's the max count of rules that's a good idea? And is there a better way to handle this?

Anna Schoolfield
Birmingham

P.S. After blocking all these IPs, my ambient traffic has gone back down to normal.
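
Added example, not part of the original post: one way to avoid a per-address rule is to load the list into an ipset, which iptables checks with a single hash lookup instead of walking hundreds of rules in order. The script below validates banned_ips.txt-style input and emits an `ipset restore` file; it assumes ipset and the iptables `set` match are available on the server, and the set name `banned` is hypothetical.

```shell
#!/bin/sh
# Added example: turn a plain list of addresses/CIDR blocks into an
# `ipset restore` file so one iptables rule covers the whole list.
# Assumes ipset and the iptables "set" match module are installed.

SET_NAME="banned"   # hypothetical set name

# Emit restore lines for each valid IPv4 address or CIDR block in file $1
# (stdin if omitted). Comments, blanks, duplicates and malformed entries are
# dropped; /0 is rejected (hash:net cannot store it, and it would match all).
make_ipset_restore() {
    printf 'create %s hash:net family inet\n' "$SET_NAME"
    printf 'flush %s\n' "$SET_NAME"
    awk -v set="$SET_NAME" '
        function valid(entry,    p, o, n, i) {
            n = split(entry, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        !valid($0) { print "skipping invalid entry: " $0 > "/dev/stderr"; next }
        !seen[$0]++ { print "add " set " " $0 }
    ' "${1:--}"
}

# Constructed sample input (documentation ranges), not real blocklist data.
sample_list() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.7     # single host
192.0.2.0/24
999.1.1.1
203.0.113.0/33

203.0.113.0/24
EOF
}

sample_list | make_ipset_restore

# Real use, as root:
#   make_ipset_restore banned_ips.txt > banned.ipset
#   ipset -exist restore < banned.ipset
#   iptables -I INPUT -m set --match-set banned src -j DROP
```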