Mailinglist Archive: opensuse (2831 mails)

< Previous Next >
Re: [SLE] Help hosts.deny - one suggestion
  • From: Anders Johansson <andjoh@xxxxxxxxxx>
  • Date: Mon, 10 Jul 2006 03:01:15 +0200
  • Message-id: <200607100301.15718.andjoh@xxxxxxxxxx>
On Monday 10 July 2006 02:52, Toshi Esumi wrote:
> Hi, I came across this thread while re-organizing my inbox. But, to
> block access from some certain IP address ranges, I would suggest you
> use "blocking route" with "route" command. Man page has a good
> explanation how it works with an example:
>
> route add -net 10.0.0.0 netmask 255.0.0.0 reject
>
> With this way, you can block access at Layer 3(IP) level without coming
> through TCP/IP then reaching xinetd. Just my idea. By the way, I haven't
> tested this command though.

This would be for outgoing routes, so you would get SYN packets coming
through, but the responses would fail

Much better, then, to use iptables, since this is what iptables does. For
example

iptables -I INPUT -s 10.0.0.0/8 -j DROP
>
> Toshi
>
> On Wed, 2006-06-14 at 18:38 -0500, David Rankin wrote:
> > Mates,
> >
> > I am trying to configure hosts.deny to deny all access to APNIC IP's.
> > I am also looking for any additional ideas that you have found that work
> > to deny other notorious scrip kiddie addresses as well. So if you have a
> > good hosts.deny file you wouldn't mind posting or sharing, I would
> > welcome the help. The apnic ranges I have found so far come from:
> > http://www.apnic.net/db/ranges.html The hosts.deny file I have put
> > together from that looks like the following. What is everybody else doing
> > to cut down on the annoying sshd/ftp etc.. attempts?
> >
> > # /etc/hosts.deny
> > # See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
> > # for a detailed description.
> >
> > # Excluded APNIC Ranges
> > ALL : 210.
> > ALL : 211.
> > ALL : 58.
> > ALL : 60.
> > ALL : 121.
> > ALL : 122.
> > ALL : 126.
> > ALL : 169.208.
> > ALL : 196.192.
> > ALL : 202.
> > ALL : 203.
> > ALL : 210.
> > ALL : 218.
> > ALL : 220.
> > ALL : 222.
> >
> >
> > --
> > David C. Rankin, J.D., P.E.
> > Rankin Law Firm, PLLC
> > 510 Ochiltree Street
> > Nacogdoches, Texas 75961
> > (936) 715-9333
> > www.rankinlawfirm.com
> >
> >
> >
> > --
> > No virus found in this outgoing message.
> > Checked by AVG Free Edition.
> > Version: 7.1.394 / Virus Database: 268.8.4/363 - Release Date: 6/13/06


--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx


< Previous Next >
References