Hi,

How can I block IP addresses completely from accessing my fw in SuSEfirewall2 configuration ?

--
jaap noordzij
smokejumper at chello.nl

Hi Jaap Noordzij,
How can I block IP addresses completely from accessing my fw in SuSEfirewall2 configuration ?
Source, Destination or both? I think the side must be the internet - input. You block by using reject or deny, but which of the above mentioned is important for configuration.

Regards,
Ruprecht

----------------------------------
Ruprecht Helms
IT-Service und Softwareentwicklung
Tel/Fax.: +49[0]7621 16 99 16
Homepage: http://www.rheyn.de
email: info@rheyn.de
----------------------------------

On Tuesday 28 January 2003 16:05, Jaap Noordzij wrote:
Hi,
How can I block IP addresses completely from accessing my fw in SuSEfirewall2 configuration ?
If you want to block IP address range xxx.xxx.xxx.xxx/yy, you can do this by putting
iptables -A INPUT -j DROP -s xxx.xxx.xxx.xxx/yy
in the section fw_custom_before_antispoofing() of /etc/sysconfig/scripts/SuSEfirewall2-custom. You need to enable the use of a custom firewall configuration at the end of /etc/sysconfig/SuSEfirewall2 as well. Read the comments in the custom configuration for further explanation.

--
Arjen de Korte
51 N 25' 05.1" - 05 E 29' 13.3"
Key fingerprint - 66 4E 03 2C 9D B5 CB 9B 7A FE 7E C1 EE 88 BC 57

Arjen thanks,
suppose I have to add -A FORWARD as well if I want to block access to the dmz
Jaap

On Tuesday 28 January 2003 20:41, Arjen de Korte wrote:
If you want to block IP address range xxx.xxx.xxx.xxx/yy, you can do this by putting
iptables -A INPUT -j DROP -s xxx.xxx.xxx.xxx/yy
in the section fw_custom_before_antispoofing() of /etc/sysconfig/scripts/SuSEfirewall2-custom. You need to enable the use of a custom firewall configuration at the end of /etc/sysconfig/SuSEfirewall2 as well. Read the comments in the custom configuration for further explanation.
-- jaap noordzij smokejumper at chello.nl
On Tuesday 28 January 2003 21:21, Jaap Noordzij wrote:
Arjen thanks,
suppose I have to add -A FORWARD as well if I want to block access to the dmz
Jaap
Well, yes. But I understood from your question that you wanted to block access to your firewall and in that case a block of the INPUT channel should be sufficient. While you're at it, you might want to block the OUTPUT channel as well, to completely filter out ALL traffic to and from the IP (range) in question.
On Tuesday 28 January 2003 20:41, Arjen de Korte wrote:
If you want to block IP address range xxx.xxx.xxx.xxx/yy, you can do this by putting
iptables -A INPUT -j DROP -s xxx.xxx.xxx.xxx/yy
in the section fw_custom_before_antispoofing() of /etc/sysconfig/scripts/SuSEfirewall2-custom. You need to enable the use of a custom firewall configuration at the end of /etc/sysconfig/SuSEfirewall2 as well. Read the comments in the custom configuration for further explanation.
-- Arjen de Korte 51 N 25' 05.1" - 05 E 29' 13.3" Key fingerprint - 66 4E 03 2C 9D B5 CB 9B 7A FE 7E C1 EE 88 BC 57
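
The advice in this thread, collected into one hook function as an added example (not code from any of the posters or from SuSEfirewall2 itself). It goes beyond the single rule shown above by looping over a list and dropping INPUT, FORWARD and OUTPUT traffic for each entry; BLOCKED_NETS, valid_net and block_nets are hypothetical names, and the addresses are constructed documentation ranges.

```shell
#!/bin/sh
# Added example for /etc/sysconfig/scripts/SuSEfirewall2-custom.
# BLOCKED_NETS, valid_net and block_nets are hypothetical names; the
# addresses are constructed (RFC 5737 documentation ranges).
IPTABLES="${IPTABLES:-iptables}"
BLOCKED_NETS="192.0.2.0/24 198.51.100.17"

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a typo in
# the list is skipped instead of being handed to iptables.
valid_net() {
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    rest="$addr."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

block_nets() {
    for net in $BLOCKED_NETS; do
        if ! valid_net "$net"; then
            echo "SuSEfirewall2-custom: skipping invalid entry '$net'" >&2
            continue
        fi
        $IPTABLES -A INPUT   -s "$net" -j DROP   # packets addressed to the firewall
        $IPTABLES -A FORWARD -s "$net" -j DROP   # packets routed on to the DMZ
        $IPTABLES -A OUTPUT  -d "$net" -j DROP   # packets the firewall sends to it
    done
}

# Hook named in the thread; it only runs once the custom configuration is
# enabled at the end of /etc/sysconfig/SuSEfirewall2.
fw_custom_before_antispoofing() {
    block_nets
    true   # keep a zero exit status for the calling script
}
```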