Re: help me (nfcan: addressed to exclusive sender for this address)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2006.03.28 22:29, bash - 0x62ash@xxxxxxxxx wrote:
On Tue, 28 Mar 2006 20:50:51 -0500
"John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote:

> On Wed, 2006-03-29 at 04:19 +0400, bash wrote:
> >  Hello All,
> >
> > I wanna dynamically block some ip's that load my router with --state NEW
> > packets (usually it's generated by very aggressive NetLook win
> > program). But there is a problem -m limit will block all my router's
> > user, and I wanna block just one ip :/
> I'm not entirely sure of what you want to do.  Why can you not match
> source? If you want, match the one IP and send all traffic for that IP
> to a user defined chain, e.g., :
> iptables -A FORWARD -s 10.1.1.100 -j SpecialChain
> iptables -A SpecialChain -j DOWHATEVERYOUWANT
>
> If it is that you want to exempt certain addresses, send all the packets
> to a user defined chain and return the exemptions, e.g.,
>
> iptables -A FORWARD -j LimitChain
> iptables -A LimitChain -m iprange --src-range 10.1.1.70-10.1.1.223 -j
> RETURN
> iptables -A LimitChain -j LOG, DROP, LIMIT, WHATEVERYOUWANTTODO

The problem is that I don't know IP of this machine.... And anyone in
my net can run NetLook program... So i want that - if some-one in my net
exceed limit then iptables will block this ip dynamically....

I am not an expert on this,
but for what it is worth:

Perhaps the rules used to detect
and limit brute force ssh attacks
could be adapted to your need.

Does NetLook have a predictable pattern?

You can find out about the ssh blocking rules
if you search the archives for 'brute force'.

Hope that helps.

--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux