Welcome to Machine Unix

Search Below

Using IPF in your SmartMachine

Have you ever wondered how many unique IP addresses is hitting your web server ? Recently I was wondering about that, so I decided to check out my webserver’s access.log to see what was happening. A quick scan of the access log revealed some interesting information:

[root@machine-unix ~]# cat <path/to/access.log> | cut -d’ ‘ -f1 | sort | uniq -c | sort -n
1 1.186.218.8
1 1.187.140.58
1 1.187.251.135
1 1.220.235.78
1 1.23.160.105
1 1.23.66.108
1 1.234.6.28
1 100.43.85.17
1 101.174.181.71

18535 185.32.200.50
20098 62.213.111.107
30606 213.81.223.204

So the IP address 213.81.223.204 hit my server about 30606 times since Jul 2014. A quick whois search tells me that this is a DNS server that is based in Slovakia. So now, it is time for me to use ipfilter in my smartmachine:

[root@machine-unix] # cat /etc/ipf/ipf.conf

block in from 213.81.223.204 to 165.225.132.19

Restart the ipf service :

[root@machine-unix] # svcadm restart ipfilter
[root@machine-unix] # svcs -a | grep ipf
online 20:03:40 svc:/network/ipfilter:default

For more information about using ipfilters, check out Joyent’s Doc on this! Happy Filtering….

Leave a Reply

Your email address will not be published. Required fields are marked *

You can use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>