On Wed, Apr 01, 2015 at 07:53:54AM +1000, Thomas <tom at then.fr> wrote a message of 34 lines which said: > We have the same problem. > > Attacks are random and with many source IPs (botnets). Stable suffix or not? battossai claimed that the suffix changed every second. > Therefore it is > harder to have an automatic system to block source IPs. It's not the source IP that you should block (they are probably forged so you would block innocent people) but the suffix (I sent the iptables rule for that a few messages ago). > Manual iptables rules are not maintainable, In my experience, they are, if the attacker does not change the suffix.