Re: [expert] blocking an ip address
Michael Viron wrote: This depends. Do you want to block them from services that utilize hosts.deny. If so, add the ip address to /etc/hosts.deny. Do you want to block network traffic from them entirely? If so, use ipchains or iptables (depending on your kernel version) to block them. Michael To add to what Michael has said. If you're going to add the address to iptables rules to block the traffic the rule would look something like this: iptables -A INPUT -p tcp --dport 20:1 -s 216.0.0.0 -j DROP -A = tells the kernel to append this rule to already existing INPUT table rules INPUT = name of a table -p = flag telling the kernel what protocol to apply this rule to. (must be specified when using the --dport argument. tcp = protocol name --dport = destination port where incoming packet is bound for. 20:1 = expression specifying all ports from 20 thru 1 -s = source IP address -j = target DROP = what to do with the packet when a match is detected. -- daRcmaTTeR -- Registered Linux User 182496 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
cool, thanks a lot. It's been done. as a side note, anyone here seeing a lot of port scans and whatnot from Asian addresses? I'm getting hit an awful lot from Japan. - Original Message - From: daRcmaTTeR [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, July 14, 2002 4:28 PM Subject: Re: [expert] blocking an ip address Michael Viron wrote: This depends. Do you want to block them from services that utilize hosts.deny. If so, add the ip address to /etc/hosts.deny. Do you want to block network traffic from them entirely? If so, use ipchains or iptables (depending on your kernel version) to block them. Michael To add to what Michael has said. If you're going to add the address to iptables rules to block the traffic the rule would look something like this: iptables -A INPUT -p tcp --dport 20:1 -s 216.0.0.0 -j DROP -A = tells the kernel to append this rule to already existing INPUT table rules INPUT = name of a table -p = flag telling the kernel what protocol to apply this rule to. (must be specified when using the --dport argument. tcp = protocol name --dport = destination port where incoming packet is bound for. 20:1 = expression specifying all ports from 20 thru 1 -s = source IP address -j = target DROP = what to do with the packet when a match is detected. -- daRcmaTTeR -- Registered Linux User 182496 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
logic7 wrote: cool, thanks a lot. It's been done. as a side note, anyone here seeing a lot of port scans and whatnot from Asian addresses? I'm getting hit an awful lot from Japan. yes, actually I have. most of the traffic has been hitting my ftp server though. they're mostly probe connections trying to see where i'm weak and if there's a place that they can get in to setup shop and load a back door. damn lamers! I've taken to blocking whole subnets that are listed in the whois.apnic.net as being assigned to korea, japan, china, and of course everyone's favorite taiwan. -- daRcmaTTeR -- Registered Linux User 182496 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
PM Firewall works with ipchains. I've used it in the past. I'm using Bastille. - Original Message - From: J. Craig Woods [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 12, 2002 10:49 PM Subject: Re: [expert] blocking an ip address Damon Lynch wrote: On Sat, 2002-07-13 at 13:36, J. Craig Woods wrote: if using ipchains, use ipchain rule. If using this, the script pmfirewall might come in handy. Don't know if it works with 2.4 kernels though. It may do. Damon Nope, pmfirewalls does not work with iptables but I sure wish the hell it did. You are totally right on, pmfirewall rocks! On his web page, the creator says he wants to get around to doing a program that supports iptables. Maybe if we offered him some money, he would find the time :-) drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
This depends. Do you want to block them from services that utilize hosts.deny. If so, add the ip address to /etc/hosts.deny. Do you want to block network traffic from them entirely? If so, use ipchains or iptables (depending on your kernel version) to block them. Michael -- Michael Viron Project Manager / Primary Developer / Manager of Online Operations General Education Online http://www.findaschool.org At 08:33 PM 7/12/2002 -0400, you wrote: My brain isn't working right now... How do I block an IP address or range of IP addys from getting into my server (maybe having port sentry drop 'em off)? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] blocking an ip address
My brain isn't working right now... How do I block an IP address or range of IP addys from getting into my server (maybe having port sentry drop 'em off)? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
logic7 wrote: My brain isn't working right now... How do I block an IP address or range of IP addys from getting into my server (maybe having port sentry drop 'em off)? Depends on your firewall methodology: if using iptables, write iptable rule; if using ipchains, use ipchain rule. Search the docs (online or offline) for syntax on rules. drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
On Sat, 2002-07-13 at 13:36, J. Craig Woods wrote: if using ipchains, use ipchain rule. If using this, the script pmfirewall might come in handy. Don't know if it works with 2.4 kernels though. It may do. Damon -- Damon Lynch Dev-Zone Program Officer http://www.dev-zone.org Jabber Messaging: [EMAIL PROTECTED] Tel: +64 4 496 9597 Yahoo Messaging: [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] blocking an ip address
Damon Lynch wrote: On Sat, 2002-07-13 at 13:36, J. Craig Woods wrote: if using ipchains, use ipchain rule. If using this, the script pmfirewall might come in handy. Don't know if it works with 2.4 kernels though. It may do. Damon Nope, pmfirewalls does not work with iptables but I sure wish the hell it did. You are totally right on, pmfirewall rocks! On his web page, the creator says he wants to get around to doing a program that supports iptables. Maybe if we offered him some money, he would find the time :-) drjung -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com