Mailinglist Archive: opensuse (3166 mails)

RE: [SLE] how to block http access from specific ip's
  • From: "Peer Stefan" <stefan.peer@xxxxxxxx>
  • Date: Thu, 20 Mar 2003 12:03:22 +0100
  • Message-id: <01B66D0A11EB3E439676C0EAA891D89F368F80@xxxxxxxxxxxxxxx>
Hi

just one question: did you enable your custom config file in the standard config file?
Look out for
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
in /etc/sysconfig/SuSEfirewall2. It's the last line and by default commented out. Just remove the hash and restart your firewall services.

regards,
Stefan
> From: Patrick Shanahan [mailto:WideGlide@xxxxxxxxxxxxx]
> * Christopher Mahmood <ckm@xxxxxxxx> [03-19-03 15:26]:
> > * Patrick Shanahan (WideGlide@xxxxxxxxxxxxx) [030319 12:01]:
> > > Thanks, but I guess I do not know how to write the script as this does
> > > not work:
> > > iptables -A INPUT -j DENY -d 24.208.133.143
> >
> > iptables -A INPUT -s the_bad_ip -d 0/0 --proto all -j DROP
>
>
> This is *not* working. 24.208.133.143 is still getting thru.
>
>
> excerpt from /etc/sysconfig/scripts/SuSEfirewall2-custom:
>
> fw_custom_before_port_handling() {
>     # these rules will be loaded after the anti-spoofing and icmp handling
>     # and after the input has been redirected to the input_XXX and
>     # forward_XXX chains and some basic chain-specific anti-circumvention
>     # rules have been set, but before any IP protocol or TCP/UDP port
>     # allow/protection rules will be set.
>     # You can use this hook to allow/deny certain IP protocols or TCP/UDP
>     # ports before the SuSEfirewall2 generated rules are hit.
>
>     iptables -A INPUT -s 24.198.198.42 -d 0/0 --proto all -j DROP
>     iptables -A INPUT -s 24.208.133.143 -d 0/0 --proto all -j DROP
>     iptables -A INPUT -s 24.208.150.4 -d 0/0 --proto all -j DROP
>
>     true
> }
>
>
> iptables -L yields:
>
> Chain INPUT (policy DROP)
> target     prot opt source                              destination
> ACCEPT     all  --  anywhere                            anywhere
> LOG        all  --  loopback/8                          anywhere             LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
> LOG        all  --  anywhere                            loopback/8           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
> DROP       all  --  loopback/8                          anywhere
> DROP       all  --  anywhere                            loopback/8
> LOG        all  --  192.168.0.2                         anywhere             LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
> DROP       all  --  192.168.0.2                         anywhere
> input_ext  all  --  anywhere                            192.168.0.2
> DROP       all  --  anywhere                            192.168.0.255
> DROP       all  --  anywhere                            255.255.255.255
> LOG        all  --  anywhere                            anywhere             LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-TARGET '
> DROP       all  --  anywhere                            anywhere
> DROP       all  --  ptd-24-198-198-42.maine.rr.com      anywhere
> DROP       all  --  dhcp024-208-133-143.insight.rr.com  anywhere
> DROP       all  --  dhcp024-208-150-004.insight.rr.com  anywhere
> ......
>
>
> firewall log:
>
> Mar 19 20:43:08 wahoo kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=24.208.133.143 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=121 ID=55047 DF PROTO=TCP SPT=4199 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
>
>
> What to do next ??
> --
> Patrick Shanahan Please avoid TOFU and trim >quotes<
> http://wahoo.no-ip.org Registered Linux User #207535
> icq#173753138 @ http://counter.li.org
>
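The quoted `iptables -L` listing and the SuSE-FW-ACCEPT log line together explain the symptom. The three custom DROP rules do appear in INPUT, but they sit at the very end of the chain: after the `input_ext` jump that handles everything addressed to 192.168.0.2, and after a catch-all LOG/DROP pair. netfilter evaluates a chain top to bottom and stops at the first rule with a terminal verdict, and a jump into a user chain that ends in ACCEPT is such a verdict, so a SYN to port 80 from 24.208.133.143 is accepted inside `input_ext` and the appended DROPs are never consulted (for any other packet, the catch-all DROP ends traversal first). The following is an added example by the editor, not code from the thread or from SuSEfirewall2: a small model of INPUT-chain traversal loaded with the rule order from the listing, comparing `-A INPUT` with `-I INPUT 1` and with inserting into `input_ext`. The contents of `input_ext` are an assumption (it is modelled as accepting TCP/80, which is what the log line shows); the loopback and anti-spoofing rules, which cannot match this packet, are left out, and matching is exact-string rather than CIDR.

```python
# Added example (editor's illustration, not code from the thread or from
# SuSEfirewall2): a minimal model of netfilter INPUT-chain traversal loaded
# with the rule order from the quoted `iptables -L` listing, showing why DROP
# rules appended with `iptables -A INPUT` never see the logged SYN.
from dataclasses import dataclass
from typing import List, Optional, Tuple

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # verdicts that end traversal


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


@dataclass
class Rule:
    target: str                   # ACCEPT/DROP/LOG/RETURN or a user chain name
    src: Optional[str] = None     # None means "anywhere" / any protocol / any port
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    name: Optional[str] = None    # label used in the trace (defaults to target)

    def matches(self, pkt: Packet) -> bool:
        # exact-string match is enough for this illustration (real iptables does CIDR)
        return all(want is None or want == have for want, have in (
            (self.src, pkt.src), (self.dst, pkt.dst),
            (self.proto, pkt.proto), (self.dport, pkt.dport)))


class Firewall:
    def __init__(self, policy: str = "DROP"):
        self.policy = policy
        self.chains = {"INPUT": []}

    def append(self, chain: str, rule: Rule) -> None:            # iptables -A
        self.chains.setdefault(chain, []).append(rule)

    def insert(self, chain: str, rule: Rule, pos: int = 1) -> None:  # iptables -I
        self.chains.setdefault(chain, []).insert(pos - 1, rule)

    def _walk(self, chain: str, pkt: Packet, trace: List[str]) -> Optional[str]:
        # First matching rule with a terminal target wins. LOG is non-terminal.
        # A jump into a user chain that returns without a verdict continues here.
        for rule in self.chains.get(chain, []):
            if not rule.matches(pkt):
                continue
            trace.append(f"{chain}:{rule.name or rule.target}")
            if rule.target in TERMINAL:
                return rule.target
            if rule.target == "RETURN":
                return None
            if rule.target == "LOG":
                continue
            verdict = self._walk(rule.target, pkt, trace)      # user chain
            if verdict is not None:
                return verdict
        return None

    def verdict(self, pkt: Packet) -> Tuple[str, List[str]]:
        trace: List[str] = []
        verdict = self._walk("INPUT", pkt, trace)
        return (verdict if verdict is not None else self.policy), trace


HOST = "192.168.0.2"
BAD_IPS = ["24.198.198.42", "24.208.133.143", "24.208.150.4"]


def build(placement: str) -> Firewall:
    """Rebuild the quoted INPUT chain (minus loopback/anti-spoofing rules, which
    cannot match the packet of interest) and add the custom DROPs per `placement`."""
    fw = Firewall(policy="DROP")
    fw.append("INPUT", Rule("input_ext", dst=HOST))          # input_ext all -- anywhere 192.168.0.2
    fw.append("INPUT", Rule("DROP", dst="192.168.0.255"))    # broadcast drops
    fw.append("INPUT", Rule("DROP", dst="255.255.255.255"))
    fw.append("INPUT", Rule("LOG"))                          # SuSE-FW-ILLEGAL-TARGET
    fw.append("INPUT", Rule("DROP"))                         # catch-all DROP
    # Assumption: input_ext accepts TCP/80, as the SuSE-FW-ACCEPT log line (DPT=80)
    # shows; the real chain contains more rules than this.
    fw.append("input_ext", Rule("ACCEPT", proto="tcp", dport=80))
    for ip in BAD_IPS:
        custom = Rule("DROP", src=ip, name="custom-DROP")
        if placement == "append_input":          # what the quoted hook does
            fw.append("INPUT", custom)
        elif placement == "insert_input":        # iptables -I INPUT 1 -s ip -j DROP
            fw.insert("INPUT", custom)
        elif placement == "insert_input_ext":    # iptables -I input_ext 1 -s ip -j DROP
            fw.insert("input_ext", custom)
        else:
            raise ValueError(placement)
    return fw


# Constructed from the SRC/DST/PROTO/DPT fields of the quoted log line.
LOGGED_SYN = Packet(src="24.208.133.143", dst=HOST, proto="tcp", dport=80)


def check(placement: str, pkt: Packet = LOGGED_SYN) -> Tuple[str, List[str]]:
    return build(placement).verdict(pkt)


if __name__ == "__main__":
    for placement in ("append_input", "insert_input", "insert_input_ext"):
        verdict, trace = check(placement)
        print(f"{placement:17s} -> {verdict:6s} via {' > '.join(trace)}")
```

In the hook itself the equivalent change is to insert rather than append, e.g. `iptables -I INPUT 1 -s 24.208.133.143 -j DROP` (the `-d 0/0 --proto all` in the quoted rule is the default and can be omitted), or to put the rule into `input_ext`, the chain the hook's own comment says input has already been redirected to. Check the result with `iptables -L INPUT -n -v --line-numbers`: it shows the rule position, the interface and the per-rule packet counters, so a DROP whose counter stays at zero while the host keeps logging SuSE-FW-ACCEPT for that source is simply not being reached.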
