On Wed, 4 May 2005, Zero One wrote:
> I want to block an IP address on my system. I did http_access deny, but the client is entering a URL address of 65550 bytes and it brings down my system, and this request comes 10 times in a second.
> Please suggest what to do and how I can block this client using iptables by prerouting.
What to do:
use firewalling (iptables) to shield this client off from using Internet until the malware (virus/worm/trojan/whatever) has been removed from it.
If you run transparent interception:
iptables -t nat -I PREROUTING 1 -s ip.of.bad.client -j DROP
If you run as a normal proxy:
iptables -I INPUT 1 -s ip.of.bad.client -j DROP
(the rule above also works but has the side effect of activating NAT support in the kernel, which you maybe don't want to do on a normal proxy)
A number of other alternatives in the same spirit are also possible.
Regards Henrik
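
Added example, not part of the original thread: a way to find which client to block, by scanning Squid's access.log for clients that send oversized URLs at the rate described in the question, then rendering the INPUT-chain rule for each one. It assumes the native access.log format with the full URL logged; the 4096-byte cut-off, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

URL_LEN_LIMIT = 4096  # assumed cut-off for an "oversized" URL
RATE_LIMIT = 10       # oversized requests per second, as reported in the thread


def find_flooders(lines, url_len=URL_LEN_LIMIT, rate=RATE_LIMIT):
    """Return sorted client IPs with >= rate oversized URLs in any one second."""
    per_second = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # not a native-format access.log line
        try:
            second = int(float(fields[0]))
            # Validate the client field so log garbage never reaches a shell command.
            client = str(ipaddress.ip_address(fields[2]))
        except ValueError:
            continue  # malformed timestamp or client address
        if len(fields[6]) >= url_len:
            per_second[(client, second)] += 1
    return sorted({c for (c, _), n in per_second.items() if n >= rate})


def block_rules(clients):
    """Render a filter-table DROP rule, inserted at position 1, per flagged client."""
    return [f"iptables -I INPUT 1 -s {c} -j DROP" for c in clients]


def sample_log():
    """Constructed sample: one flooding client, one normal client, one junk line."""
    long_url = "http://example.invalid/" + "A" * 65550
    lines = [
        f"1115190000.{ms:03d} 2 192.0.2.10 TCP_DENIED/403 1400 GET {long_url} - NONE/- text/html"
        for ms in range(0, 120, 10)  # 12 requests inside the same second
    ]
    lines.append("1115190000.500 85 192.0.2.20 TCP_MISS/200 5120 GET "
                 "http://example.invalid/index.html - DIRECT/198.51.100.7 text/html")
    lines.append("garbage line")
    return lines


if __name__ == "__main__":
    for rule in block_rules(find_flooders(sample_log())):
        print(rule)
```

Review the printed rules before applying them; a client behind a shared address would be blocked along with everyone else using it.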