How do I use iptables to deny IPSEC connections?
I am running iptables v1.3.8 on Fedora 5. On a regular basis a remote
host connects to my machine and gobbles up more than 3 MB/sec of
bandwidth, makes my swap space almost full, and always seems to be
associated with a second, remote machine. Not only is this irritating
but it is also embarrassing. I'm not sure, but I think remote machine
one is talking to remote machine two.
I have a rule in /etc/sysconfig/iptables that looks like this (with IP
changed to protect the guilty):
-A RH-Firewall-1-INPUT -s 123.456.789.109 -j REJECT
I believe this rule says, "Reject any connections coming from
123.456.789.109", but after I restart iptables the connections
persist. Using ntop as my diagnostic tool, I see that 0% of the
connections from 123.456.789.109 are IP-based but rather IPSEC-based.
(Does such a thing make sense?)
How do I either: 1) deny any access to my machine from
123.456.789.109, or 2) deny any connections that are IPSEC-based
because I have no such need for IPSEC, I think. What is host
123.456.789.109 exploiting?
--
Eric Lease Morgan
University of Notre Dame
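Added example (not from the original post or the netfilter project): a small first-match simulator over a constructed chain modelled on the stock Fedora RH-Firewall-1-INPUT, which is assumed here to ACCEPT ESP (IP protocol 50) and AH (51) near the top. It shows why a host REJECT appended with `-A` never sees IPSEC packets from that host, while the same rule inserted at position 1 (`iptables -I RH-Firewall-1-INPUT 1 ...`) catches them.

```python
import re

# Constructed chain modelled on the stock Fedora RH-Firewall-1-INPUT
# (assumption: ESP/AH are accepted near the top, as on that default).
# The second-to-last line is the host rule from the post, appended with -A.
APPENDED = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 123.456.789.109 -j REJECT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
HOST_RULE = "-A RH-Firewall-1-INPUT -s 123.456.789.109 -j REJECT\n"
# Same chain as it looks after `iptables -I RH-Firewall-1-INPUT 1 ...`.
INSERTED = HOST_RULE + APPENDED.replace(HOST_RULE, "")

def _opt(line, flag):
    """Value of a single-argument option such as -s, -p, -i, -j, --state."""
    m = re.search(r"(?:^| )" + re.escape(flag) + r" (\S+)", line)
    return m.group(1) if m else None

def parse_chain(text):
    """Parse the subset of iptables-save options used above into match dicts."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue
        state = _opt(line, "--state")
        rules.append({"src": _opt(line, "-s"), "proto": _opt(line, "-p"),
                      "iface": _opt(line, "-i"), "target": _opt(line, "-j"),
                      "state": set(state.split(",")) if state else None})
    return rules

def first_match(rules, pkt):
    """iptables first-match semantics: (index, target) of the first rule hit."""
    for i, r in enumerate(rules):
        exact = all(r[k] is None or r[k] == pkt[k] for k in ("src", "proto", "iface"))
        if exact and (r["state"] is None or pkt["state"] in r["state"]):
            return i, r["target"]
    return None, "POLICY"  # fell off the end: the chain policy applies

def verdict(chain_text, src, proto):
    """Verdict for a fresh packet (state NEW, arriving on eth0) from src with IP protocol proto."""
    pkt = {"src": src, "proto": proto, "iface": "eth0", "state": "NEW"}
    return first_match(parse_chain(chain_text), pkt)
```

On the real box, `iptables -L RH-Firewall-1-INPUT -n -v --line-numbers` shows the actual rule order and the per-rule packet counters, which tell you which ACCEPT is absorbing the traffic before your REJECT is reached.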