* Martin Leweling; <lewelin@uni-muenster.de> on 29 Jul, 2001 wrote:

Hi Togan,

...

block I want to filter is as follows

xxx.156.130.1 to xxx.156.191.255

I'm not quite sure if I really understand your problem, since your firewall is already blocking this kind of access. But to explicitly

The firewall is DENY'ing these request's which AFAIU is also generating traffic. Hence I thought maybe a better way exists

Then apply these three rules: /sbin/ipchains -A input -s xxx.156.128.0/18 -d 0.0.0.0./0 -i eth0 -j ipblock ... proceed with normal input chain ...

? if the starting IP adress is xxx.156.130.1 why I define it as xxx.156.128.0/18

/sbin/ipchains -A ipblock -s xxx.156.128.0/23 -d 0.0.0.0./0 -i eth0 -j RETURN

^^^^^^^ why /23

/sbin/ipchains -A ipblock -s xxx.156.128.0/18 -d 0.0.0.0./0 -i eth0 -l -j DENY

What I had in mind (which I was not sure) having a rejecting route for the IP block -- Togan Muftuoglu