Full Version: Banning Range With Ip Tables
Termina
How can I ban an IP range with IP tables?
hughesjr
It depends on how your firewall is set up ....

Is it only a firewall for your local machine or a firewall that is an entire network's gateway?

If for an entire network, does it do IPMASQing (i.e., you have one public IP and have 192.168.x.x or 10.x.x.x or 172.16.x.x - 172.31.x.x IPs inside your firewall)?

Is there any port forwarding ... If so, is the forwarding done in the PREROUTING IPMASQ chain or in the FORWARD chain?

--------------------------------
Termina
I do not use my Linux box as a router. I use iptables only to restrict certain IP addresses from a game server I am running (since it lacks that functionality). Also useful since they cannot access my website either to sign up for more accounts, or cause trouble on the forums.

I want to block outside IP addresses (not the 192.168.1.* from my linksys router).

I believe the command is:

# iptables -I INPUT -s 123.123.123.123 -j DROP

to block a single IP? I'd like to block (in this example) from 123.123.123.0 to 123.123.123.255
hughesjr
iptables -I INPUT -s 123.123.123.0/255.255.255.0 -j DROP

will drop the entire class c network (hosts 123.123.123. 1 through 254 will be blocked)

-----------------
iptables -I INPUT -s 123.123.0.0/255.255.0.0 -j DROP

will drop the entire class b network (hosts 123.123. 1 through 254 . 1 through 254 will be blocked)

etc...
hughesjr
I think it would be:

iptables -A INPUT -s 123.123.0.0/255.255.0.0 -j DROP

instead of

iptables -I INPUT -s 123.123.0.0/255.255.0.0 -j DROP

(well according to the man page, I think either will work ... one is insert ... the other is append to the end of the rule table)
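
Added example, not written by anyone in this thread: a Python sketch that turns an arbitrary start-end IPv4 range into the CIDR blocks iptables needs for `-s`, and models first-match rule evaluation to show where a rule lands with `-I` versus `-A`. The helper names, the second address range and the pre-existing ACCEPT rule are constructed for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the fewest CIDR blocks."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))

def drop_rules(first, last, op="-I"):
    """Build one iptables DROP command per CIDR block (-I inserts, -A appends)."""
    if op not in ("-I", "-A"):
        raise ValueError("op must be -I or -A")
    return [f"iptables {op} INPUT -s {net} -j DROP"
            for net in range_to_cidrs(first, last)]

def apply_rule(chain, op, net, target):
    """Model -I (insert at the top) and -A (append at the end) on a chain copy."""
    rule = (str(net), target)
    return [rule] + chain if op == "-I" else chain + [rule]

def verdict(chain, src, policy="ACCEPT"):
    """First matching (source network, target) pair decides, else the policy."""
    addr = ipaddress.IPv4Address(src)
    for net, target in chain:
        if addr in ipaddress.IPv4Network(net):
            return target
    return policy

if __name__ == "__main__":
    # The range asked about in the thread is exactly one /24.
    print("\n".join(drop_rules("123.123.123.0", "123.123.123.255")))
    # A constructed range that is not block-aligned needs several rules.
    print("\n".join(drop_rules("123.123.123.10", "123.123.123.40")))
    # Constructed chain: an earlier rule already accepts all sources.
    existing = [("0.0.0.0/0", "ACCEPT")]
    for op in ("-I", "-A"):
        chain = apply_rule(existing, op, "123.123.123.0/24", "DROP")
        print(op, "->", verdict(chain, "123.123.123.77"))
```

Run `iptables -L INPUT -n --line-numbers` on the real host to see where a rule actually sits relative to existing ACCEPT rules.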