* Christopher Mahmood
* Patrick Shanahan (WideGlide@MyRealBox.com) [030319 12:01]:
Thanks, but I guess I do not know how to write the script as this does not work:

iptables -A INPUT -j DENY -d 24.208.133.143
iptables -A INPUT -s the_bad_ip -d 0/0 --proto all -j DROP

This is *not* working. 24.208.133.143 is still getting thru.

excerpt from /etc/sysconfig/scripts/SuSEfirewall2-custom:

fw_custom_before_port_handling() {
    # these rules will be loaded after the anti-spoofing and icmp handling
    # and after the input has been redirected to the input_XXX and
    # forward_XXX chains and some basic chain-specific anti-circumvention
    # rules have been set,
    # but before any IP protocol or TCP/UDP port allow/protection rules
    # will be set.
    # You can use this hook to allow/deny certain IP protocols or TCP/UDP
    # ports before the SuSEfirewall2 generated rules are hit.
    iptables -A INPUT -s 24.198.198.42 -d 0/0 --proto all -j DROP
    iptables -A INPUT -s 24.208.133.143 -d 0/0 --proto all -j DROP
    iptables -A INPUT -s 24.208.150.4 -d 0/0 --proto all -j DROP
    true
}

iptables -L yields:

Chain INPUT (policy DROP)
target     prot opt source                               destination
ACCEPT     all  --  anywhere                             anywhere
LOG        all  --  loopback/8                           anywhere         LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG        all  --  anywhere                             loopback/8       LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  loopback/8                           anywhere
DROP       all  --  anywhere                             loopback/8
LOG        all  --  192.168.0.2                          anywhere         LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  192.168.0.2                          anywhere
input_ext  all  --  anywhere                             192.168.0.2
DROP       all  --  anywhere                             192.168.0.255
DROP       all  --  anywhere                             255.255.255.255
LOG        all  --  anywhere                             anywhere         LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-TARGET '
DROP       all  --  anywhere                             anywhere
DROP       all  --  ptd-24-198-198-42.maine.rr.com       anywhere
DROP       all  --  dhcp024-208-133-143.insight.rr.com   anywhere
DROP       all  --  dhcp024-208-150-004.insight.rr.com   anywhere
......
firewall log:

Mar 19 20:43:08 wahoo kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=24.208.133.143 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=121 ID=55047 DF PROTO=TCP SPT=4199 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)

What to do next ??

-- 
Patrick Shanahan
Please avoid TOFU and trim >quotes<
http://wahoo.no-ip.org
Registered Linux User #207535
icq#173753138 @ http://counter.li.org
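The INPUT chain listed above is walked top-down and the first terminating match wins, so a packet for 192.168.0.2 leaves INPUT at the `input_ext` jump (rule 8) before the three appended DROP rules are ever consulted. The following is an added example, not code from the post: a first-match simulation of that listing which shows the packet from the log line hitting the jump, and then being dropped once the rule is inserted at the head of the chain (`iptables -I INPUT 1 ...`). It assumes the first `ACCEPT all anywhere anywhere` is SuSEfirewall2's loopback rule (`-i lo`), which plain `iptables -L` does not display.

```python
import ipaddress

# Constructed model of the INPUT chain from the post, in iptables -L order.
# Each rule: (target, in_iface or None, source net, destination net).
# Assumption: rule 1 is the loopback ACCEPT (-i lo); iptables -L hides interfaces.
ANY = "0.0.0.0/0"
INPUT_CHAIN = [
    ("ACCEPT",    "lo", ANY, ANY),
    ("LOG",       None, "127.0.0.0/8", ANY),
    ("LOG",       None, ANY, "127.0.0.0/8"),
    ("DROP",      None, "127.0.0.0/8", ANY),
    ("DROP",      None, ANY, "127.0.0.0/8"),
    ("LOG",       None, "192.168.0.2/32", ANY),
    ("DROP",      None, "192.168.0.2/32", ANY),
    ("input_ext", None, ANY, "192.168.0.2/32"),  # jump: host traffic leaves INPUT here
    ("DROP",      None, ANY, "192.168.0.255/32"),
    ("DROP",      None, ANY, "255.255.255.255/32"),
    ("LOG",       None, ANY, ANY),
    ("DROP",      None, ANY, ANY),
    ("DROP",      None, "24.198.198.42/32", ANY),   # the custom rules, appended last
    ("DROP",      None, "24.208.133.143/32", ANY),
    ("DROP",      None, "24.208.150.4/32", ANY),
]

# LOG is non-terminating: the packet keeps walking the chain after it.
NON_TERMINATING = {"LOG"}

def first_match(chain, src, dst, in_iface):
    """Return (rule index, target) of the first terminating rule that matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (target, iface, rsrc, rdst) in enumerate(chain):
        if iface is not None and iface != in_iface:
            continue
        if s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst):
            if target not in NON_TERMINATING:
                return i, target
    return None, "policy DROP"   # fell off the end: chain policy applies

def insert_first(chain, rule):
    """Model `iptables -I INPUT 1 ...`: the rule goes to the head of the chain."""
    return [rule] + list(chain)

if __name__ == "__main__":
    pkt = ("24.208.133.143", "192.168.0.2", "eth0")   # from the SuSE-FW-ACCEPT log line
    print(first_match(INPUT_CHAIN, *pkt))             # (7, 'input_ext'): DROP at 13 unreachable
    fixed = insert_first(INPUT_CHAIN, ("DROP", None, "24.208.133.143/32", ANY))
    print(first_match(fixed, *pkt))                   # (0, 'DROP')
```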