Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
 
Reply to this topicStart new topic
> Banning Range With Ip Tables, 1.1.1.0 - 1.1.1.255 for example
Termina
post Feb 25 2004, 07:45 PM
Post #1


RMS is my Hero
******

Group: Support Specialist
Posts: 862
Joined: 18-February 04
From: Wisconsin
Member No.: 2,404



How can I ban an IP range with IP tables? smile.gif


--------------------
*Points finger at the author above him* They're a witch! Burn them!
---
Vist my website!
Join me in IRC! Server: st0rage.org Channel: #UnhandledExceptions
Go to the top of the page
 
+Quote Post
hughesjr
post Feb 26 2004, 06:58 AM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



It depends on how your firewall is set up ....

Is it only a firewall for your local machine or a firewall that is an entire network's gateway?

If for an entire network, does it do IPMASQing (ie, you have one public IP and have a 192.168.x.x or 10.x.x.x or 172.16.x.x - 172.31.x.x ip's inside your firewall)?

Is there any port forwarding ... If so, is the forwarding done in the PREROUTING IPMASQ chain or in the FORWARD chain?

--------------------------------


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post
Termina
post Feb 26 2004, 09:56 AM
Post #3


RMS is my Hero
******

Group: Support Specialist
Posts: 862
Joined: 18-February 04
From: Wisconsin
Member No.: 2,404



I do not use my linux box as a router. I use iptables only to restrict certain IP addresses from a game server I am running (since it lacks that funcionality). Also useful since they cannot access my website either to sign up for more accounts, or cause trouble on the forums.

I want to block outside IP addresses (not the 192.168.1.* from my linksys router).

I belive the command is:

# iptables -I INPUT -s 123.123.123.123 -j DROP

to block a single IP? I'd like to block (in this example) from 123.123.123.0 to 123.123.123.255


--------------------
*Points finger at the author above him* They're a witch! Burn them!
---
Vist my website!
Join me in IRC! Server: st0rage.org Channel: #UnhandledExceptions
Go to the top of the page
 
+Quote Post
hughesjr
post Feb 27 2004, 07:53 AM
Post #4


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



iptables -I INPUT -s 123.123.123.0/255.255.255.0 -j DROP

will drop the entire class c network (hosts 123.123.123. 1 through 254 will be blocked)

-----------------
iptables -I INPUT -s 123.123.0.0/255.255.0.0 -j DROP

will drop the entire class b network (hosts 123.123. 1 through 254 . 1 through 254 will be blocked)

etc...


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post
hughesjr
post Feb 27 2004, 11:51 AM
Post #5


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Chrsiti, TX, USA
Member No.: 1,151



I think it would be:

iptables -A INPUT -s 123.123.0.0/255.255.0.0 -j DROP

instead of

iptables -I INPUT -s 123.123.0.0/255.255.0.0 -j DROP

(well according to the man page, I think either will work ... one is insert ... the other is append to the end of the rule table)


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 23rd October 2017 - 09:26 PM