Okay, if i want to block IP or range of IPs from my site, i should ad rule to firewall, right?
So what an earth i should ad in this screen?
http://img13.imageshack.us/img13/167/firewally.png
There are different ways to block a user; you could use the firewall, you can use 'route' to reject IPs, and you can add rules to the .htaccess file to block IPs as well.
To use the screen you have above, you'd just select 'Drop' next to 'Action to take', and then add the IP address to drop next to 'Source Address or Network'.
Personally, I'm a fan of typing it out on the command line:
iptables -I INPUT -s IP_address_to_drop -j DROP
But the above screen does the same thing.
-Eric
I add single addresses almost daily and entire /16s on some occasions.
To block a range, where you enter the IP, enter xxx.xxx.xxx.0/16 (or whatever prefix length you need).
Unfortunately it will add the rule at either the top or the bottom of your rules, so if you are picky like me you need to either go into /etc/sysconfig/iptables and manually move it to where you like, or move it one line at a time using the up and down single arrows next to the rule.
This is what I am using while searching for this solution.
http://www.experts-exchange.com/Security/Linux_Security/Q_20683396.html
Thanks to Klintan:
#!/bin/bash
cat badips.txt
However, I would prefer that you set the default policy to DROP and then only accept the good ones.
Something like this.
This assumes that your network is 192.168.0.x
# Flush all existing rules in the filter, nat and mangle tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
# Default policy: drop anything that no later rule explicitly accepts
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Always allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# DHCP: refuse client requests arriving on eth1, serve them on eth0,
# and let this host send its own client requests out of eth1
iptables -A INPUT -i eth1 -p udp --dport bootps --sport bootpc -j DROP
iptables -A INPUT -i eth0 -p udp --dport bootps --sport bootpc -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport bootps --sport bootpc -j ACCEPT
# Allow packets belonging to connections that were already accepted
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
# Allow connections related to accepted ones (e.g. FTP data, ICMP errors)
iptables -A INPUT -m state --state RELATED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED -j ACCEPT
iptables -A FORWARD -m state --state RELATED -j ACCEPT
# Accept anything from the local 192.168.0.x network
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
# Any further "good" addresses to accept are listed in godips.txt
cat godips.txt
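As an added example (not from the thread or any of its posters), here is one way to turn a badips.txt list into rules without the ordering problem mentioned above: the addresses go into their own chain, and INPUT gets a single jump to it at position 1. Entries are validated as IPv4 addresses or CIDR ranges before a rule is emitted; the chain name BLOCKLIST and the file name are assumptions.

```shell
#!/bin/bash
# Added example: build a dedicated BLOCKLIST chain from a file of IPs/CIDRs so
# the position in INPUT is fixed once and the list can be reloaded on its own.
set -eu

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix and reject
# anything else, so a stray line cannot become a malformed or too-broad rule.
is_ipv4_cidr() {
    local entry=$1 octet prefix
    case "$entry" in */*) prefix=${entry#*/}; entry=${entry%/*} ;; *) prefix=32 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    local IFS=.
    set -- $entry
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands for one blocklist file: blanks and '#' comments
# are skipped, duplicates collapsed, invalid entries reported on stderr.
# Printing instead of executing lets the rules be reviewed (or tested) first.
build_block_rules() {
    local file=$1 chain=${2:-BLOCKLIST} line
    # Create the chain, or empty it if a previous load already created it
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # Insert the jump at position 1 of INPUT only if it is not already there
    echo "iptables -C INPUT -j $chain 2>/dev/null || iptables -I INPUT 1 -j $chain"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$file" | grep -v '^$' | sort -u |
    while read -r line; do
        if is_ipv4_cidr "$line"; then
            echo "iptables -A $chain -s $line -j DROP"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
}

# Review with:  build_block_rules badips.txt
# Apply with:   build_block_rules badips.txt | sh   (as root)
```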