DragonFly users List (threaded) for 2007-12
DragonFly BSD

Re: Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)


From: Joerg Anslik <joerg@xxxxxxxxx>
Date: Fri, 28 Dec 2007 01:13:53 +0100

Yeah,

>    There are two issues that I see.  The first is that the hosts.allow
>    file can potentially become huge

That's painfully true, and I admit I've not given this any second
thoughts. What I can say for my box I ran here, it's experiencing
approximately one attack per day, so I believe it's okay to let the
hosts.allow grow at this rate.

Other machines may experience more attacks, though, and a rapidly
growing tcpwrapper config file surely is a problem. Maybe it's worth
thinking about some kind of "ageing mechanism" that sorts out outdated
entries and keeps /etc/hosts.allow trimmed this way.

>    The second is that I'm not sure it is safe to insert the strings
>    you are grepping out of the BLACKLIST file (thrown into your
>    PISSNELKE variable) directly into the hosts.allow file like that.

You're right, I've overseen this since I had no "live" reference for
malformed entries. I'll add some sanity checks to it once I finished
watching Star Trek Voyager Season 7.

Anyway, the scripts work fine for me so far, and maybe they will for
some other folks out there, so think of them as a late Christmas gift.
:-)

--j
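
The sanity check discussed above, as an added example that is not part of the original message or of the blt scripts: accept only canonical dotted-quad IPv4 strings before anything is written to hosts.allow. The one-address-per-line BLACKLIST layout, the `sshd : ADDR : deny` rule form and the function names `is_ipv4` and `emit_rules` are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: one candidate per line, IPv4 only,
# rule layout "sshd : ADDR : deny"; function names are hypothetical.

# is_ipv4 STRING: succeeds only for a canonical dotted-quad address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;   # empty, or any char that is not digit/dot
        .*|*.|*..*)   return 1 ;;   # leading, trailing or doubled dot
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; input is digits/dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ????*) return 1 ;;      # more than three digits
            0)     ;;               # a lone zero is fine
            0*)    return 1 ;;      # leading zeros are ambiguous, reject
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules: candidates on stdin, deduplicated rules on stdout.
# Rejected input is only counted on stderr, never echoed back.
emit_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        if is_ipv4 "$line"; then
            printf 'sshd : %s : deny\n' "$line"
        else
            printf 'rejected entry (%s chars)\n' "${#line}" >&2
        fi
    done | sort -u
}

# Constructed sample input (documentation address ranges).
sample='192.0.2.10
198.51.100.7 trailing-text
203.0.113.999
192.0.2.10
ALL'
printf '%s\n' "$sample" | emit_rules
```

Writing the output to a temporary file and renaming it over the target keeps a half-written rule set from ever being read by tcpwrappers.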


