You have read that one of the packages for Linux that I really like is FireHol. I still use it and it works really well. I have recently made two changes to my config that people might find handy.
First I started to blacklist people who repeatedly try and login via SSH. I get a daily email telling me when people try and where they are from. The line to add to the firehol.conf looks like this:
blacklist this 10.10.10.10 # where 10.10.10.10 is the IP address of the offender
Yeah, these bastards probably won’t try again and it is usually a DSL or Cable user; but they are still blocked.
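As an added example (not from the post), here is a small POSIX shell script that does the bookkeeping behind that daily email: it counts failed sshd logins per source address in constructed sample log lines and emits a firehol.conf blacklist line, in the form the post uses, for every address at or above a threshold. The log format, threshold and function names are my assumptions.

```shell
#!/bin/sh
# Constructed sample sshd log lines (not from the post), in the usual
# /var/log/secure or auth.log format.
SAMPLE_LOG='Jan 10 03:14:01 host sshd[2201]: Failed password for root from 10.10.10.10 port 4422 ssh2
Jan 10 03:14:03 host sshd[2201]: Failed password for root from 10.10.10.10 port 4423 ssh2
Jan 10 03:14:05 host sshd[2201]: Failed password for invalid user admin from 10.10.10.10 port 4424 ssh2
Jan 10 03:20:11 host sshd[2250]: Failed password for bob from 192.0.2.7 port 50122 ssh2
Jan 10 03:21:00 host sshd[2251]: Accepted password for bob from 192.0.2.7 port 50123 ssh2
Jan 10 04:02:44 host sshd[2300]: Failed password for invalid user test from 198.51.100.5 port 3391 ssh2
Jan 10 04:02:46 host sshd[2300]: Failed password for invalid user test from 198.51.100.5 port 3392 ssh2'

# Read sshd log lines from stdin and print "count ip" for every source
# address that produced at least one "Failed password" line.
count_failed() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k2,2
}

# Emit one firehol.conf blacklist line per address with at least $1 failures.
# The line format follows the post's own example ("blacklist this <ip>").
blacklist_lines() {
    threshold="$1"
    count_failed | awk -v t="$threshold" '$1 >= t {
        printf "blacklist this %s # %d failed ssh logins\n", $2, $1 }'
}

# Example run on the constructed log with a threshold of 3 failures.
printf '%s\n' "$SAMPLE_LOG" | blacklist_lines 3
```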
The other change is to reduce iptables logging. Before this change pretty much every blocked connection was printed to the console. Annoying if you are trying to actually *use* the console. This takes two changes. The first is also in firehol.conf add the line:
FIREHOL_LOG_LEVEL=3
Second, modify the /etc/sysconfig/syslog file and change KLOGD_OPTIONS to include "-c 3". You will need to restart the syslog service (and reload the firehol configuration, of course). This sets the console logging to the ERROR level rather than the WARNING level. Much nicer.
In my next geekout post I will get all xen on you. As in xen virtualization for linux.
[ Edit: dumb wordpress interpreting my ‘_’ to make things bold or italic; now fixed ]