Figured it out!
The "iptables -A INPUT -f -d 192.168.1.1 -j DROP" is an incorrect command, since -f specifies only fragmented packets and -d specifies the destination IP, whereas I need the source IP. I also needed the -A to be a -I, because I need the rule to be at the top of the table so it is read first.
The correct command is "iptables -I INPUT -s 192.168.1.1 -j DROP" and it works great!
-----Original Message-----
All,
Well, I just set up a Linux router for myself, for the improved security, dedicated box, etc. Anyway...
Here’s what I’ve tried to do:
First, I try to drop all ICMP packets (pings). Had trouble with that until I deleted the "ACCEPT icmp -- anywhere anywhere" rule and added a DENY for ICMP in INPUT.
So... my current problem is trying to deny access to certain IPs. But the "iptables -A INPUT -f -d 192.168.1.1 -j DROP" for whatever reason doesn't work. I mean it works and adds the rule, but the host can still access my firewall. My INPUT chain listing is below:
Chain INPUT (policy DROP)
target       prot opt source     destination
ipac~o       all  --  anywhere   anywhere
PSCAN        tcp  --  anywhere   anywhere   tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
PSCAN        tcp  --  anywhere   anywhere   tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
             tcp  --  anywhere   anywhere   tcp flags:SYN,RST,ACK/SYN limit: avg 10/sec burst 5
CUSTOMINPUT  all  --  anywhere   anywhere
ACCEPT       all  --  anywhere   anywhere   state RELATED,ESTABLISHED
ACCEPT       all  --  anywhere   anywhere
ACCEPT       all  --  anywhere   anywhere
ACCEPT       all  --  anywhere   anywhere
RED          all  --  anywhere   anywhere
XTACCESS     all  --  anywhere   anywhere
LOG          all  --  anywhere   anywhere   limit: avg 10/min burst 5 LOG level warning prefix `INPUT '
DROP         icmp --  anywhere   anywhere
So... do I need to delete another rule? Or what am I doing wrong?
Chris
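The point of the fix in the reply above is rule order and match direction, so here is an added example that is not part of the thread: a small POSIX sh simulator of how netfilter walks a chain (first matching rule wins, otherwise the chain policy). It models a reduced version of Chris's INPUT chain and tries each of the four variants discussed (appended vs. inserted, -d vs. -s, with or without -f). The firewall address 192.168.1.254, the simplified chain and the rule format are all assumptions made for the example; in particular the listing shows "ACCEPT all anywhere anywhere" rules ahead of the appended DROP, and this model assumes at least one of them matches a packet arriving from the LAN (iptables -L without -v hides any interface restriction on those rules).

```shell
#!/bin/sh
# Added example, not code from the thread: a first-match simulator for one
# iptables chain, showing why an appended DROP never fires behind a blanket
# ACCEPT and why the inserted -s rule does. It never touches real iptables.
#
# Rule line (constructed format): TARGET PROTO SRC DST FRAG
#   PROTO "all" and SRC/DST "anywhere" are wildcards, as in iptables -L output.
#   FRAG is "y" for a rule written with -f (matches only second and later
#   fragments) and "n" otherwise.

# verdict CHAIN POLICY PROTO SRC DST FRAG
# Prints the target of the first rule the packet matches, or POLICY when the
# chain is exhausted, which is how netfilter walks a chain.
verdict() {
    chain=$1 policy=$2 p_proto=$3 p_src=$4 p_dst=$5 p_frag=$6
    hit=
    while read -r target proto src dst frag; do
        [ -n "$target" ] || continue                              # blank line
        [ "$proto" = all ] || [ "$proto" = "$p_proto" ] || continue
        [ "$src" = anywhere ] || [ "$src" = "$p_src" ] || continue
        [ "$dst" = anywhere ] || [ "$dst" = "$p_dst" ] || continue
        [ "$frag" = n ] || [ "$p_frag" = y ] || continue         # -f rule
        hit=$target
        break
    done <<EOF
$chain
EOF
    printf '%s\n' "${hit:-$policy}"
}

# Chris's INPUT chain reduced to the rule that matters here (constructed;
# user-chain jumps, port-scan rules, LOG and state matching are left out).
BASE='ACCEPT all anywhere anywhere n'

FIREWALL=192.168.1.254   # assumed address of the firewall itself
HOST=192.168.1.1         # the host Chris wants to block

# One unfragmented TCP packet from HOST to the firewall, policy DROP.
probe() { verdict "$1" DROP tcp "$HOST" "$FIREWALL" n; }

# 1. iptables -A INPUT -f -d 192.168.1.1 -j DROP
#    Appended behind the ACCEPT, fragments only, and matches traffic *to* HOST.
appended_f_d() {
    probe "$BASE
DROP all anywhere $HOST y"
}

# 2. iptables -A INPUT -s 192.168.1.1 -j DROP
#    Right match, but still appended behind the ACCEPT, so never reached.
appended_s() {
    probe "$BASE
DROP all $HOST anywhere n"
}

# 3. iptables -I INPUT -d 192.168.1.1 -j DROP
#    First in the chain, but -d checks the destination, which is the firewall.
inserted_d() {
    probe "DROP all anywhere $HOST n
$BASE"
}

# 4. iptables -I INPUT -s 192.168.1.1 -j DROP  (Chris's fix)
inserted_s() {
    probe "DROP all $HOST anywhere n
$BASE"
}

for f in appended_f_d appended_s inserted_d inserted_s; do
    printf '%-13s -> %s\n' "$f" "$($f)"
done
```

Only the last variant reaches DROP; the other three end in ACCEPT even though the rule was "added fine". On the real box the same check is `iptables -L INPUT -n -v --line-numbers`, which shows the rule's position, the interface restrictions that plain `iptables -L` hides, and the per-rule packet counters that reveal whether the DROP is ever hit; `iptables -C INPUT -s 192.168.1.1 -j DROP` confirms the rule is present.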