Newbie :: Block IP Range seems not to work

Hi all,

I'm a newbie in iptables (I have only used commercial products but never tried to write my own rules step by step).

I have read the iptables manual and others related to server configuration, but in my case it seems not to work. I'm sure I'm doing something wrong but I don't know what exactly.

I want to learn to do it right, to modify the default rules that come with the IPCop firewall to fit my needs at home.

What I need is to block an IP range completely. I have an internal web server. On my firewall I make a port forward to send all traffic that arrives at the firewall to the web server. The firewall owns the public IP address of my site.

I have used a syntax like this:

iptables -A CUSTOMINPUT -s <RANGE> -j DROP
iptables -A CUSTOMFORWARD -p tcp -s <RANGE> -d <WebSrvIp> --dport 80
iptables -A PORTFWACCESS -p tcp -s <RANGE> -d <WebSrvIp> --dport 80 -j DROP

CUSTOMINPUT is a chain of INPUT type
    - CUSTOMINPUT  all  --  0.0.0.0/0            0.0.0.0/0
CUSTOMFORWARD is a chain of FORWARD type
    - CUSTOMFORWARD  all  --  0.0.0.0/0          0.0.0.0/0
PORTFWACCESS is a chain of FORWARD type
    - PORTFWACCESS  all  --  0.0.0.0/0           0.0.0.0/0

TIA

jonathan

--
___________________________________________________________________
 Jonathan Gonzalez - SureStorm.com Security Site - Madrid/MA/SPAIN
 http://www.surestorm.com - GnuPG Key ID = 0xAA3EAC08

 /"\
 \ /  ASCII RIBBON CAMPAIGN
  X   Against HTML mail & Microsoft attachments
 / \
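The rule set from the post, as an added example that is not part of the original message: every rule carries an explicit target (the second rule in the post has no `-j`, and a rule without a target only counts matching packets while the packet continues down the chain), and a small check refuses any rule that lacks one. The chain names are the IPCop chains named in the post; `IPTABLES`, `check_rule`, `add_rule`, `block_range` and the addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's or IPCop's own script.
# Dry run by default: set IPTABLES=iptables to actually load the rules.
IPTABLES="${IPTABLES:-echo iptables}"

# check_rule ARGS...: a rule without "-j" matches but takes no action,
# so the packet simply falls through to the next rule in the chain.
check_rule() {
    case " $* " in
        *" -j "*) return 0 ;;
        *) printf 'rule has no -j target: %s\n' "$*" >&2; return 1 ;;
    esac
}

# add_rule CHAIN ARGS...: validate the rule, then append it to CHAIN.
add_rule() {
    check_rule "$@" || return 1
    $IPTABLES -A "$@"
}

# block_range RANGE WEBSRV: drop traffic from RANGE both to the firewall
# itself (INPUT path) and to the port-forwarded web server (FORWARD path).
# In FORWARD the DNAT has already been applied, so "-d WEBSRV" is the
# internal server address, as in the post.
block_range() {
    range="$1"; websrv="$2"
    add_rule CUSTOMINPUT   -s "$range" -j DROP &&
    add_rule CUSTOMFORWARD -p tcp -s "$range" -d "$websrv" --dport 80 -j DROP &&
    add_rule PORTFWACCESS  -p tcp -s "$range" -d "$websrv" --dport 80 -j DROP
}

# Constructed sample values (documentation range, private server address).
block_range 203.0.113.0/24 192.168.1.10
```

Run it once with the default dry run to see the exact commands, then with `IPTABLES=iptables` to apply them; `iptables -L CUSTOMFORWARD -v -n` afterwards shows whether the rule's packet counter moves.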


