Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] best method to block ip block
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 29 Jul 2001 20:04:04 +0300
  • Message-id: <20010729200404.A3333@xxxxxxxx>
* Martin Leweling; <lewelin@xxxxxxxxxxxxxxx> on 29 Jul, 2001 wrote:
> Hi Togan,
>
> > block I want to filter is as follows
> >
> > xxx.156.130.1 to xxx.156.191.255
>
> I'm not quite sure if I really understand your problem, since your
> firewall is already blocking this kind of access. But to explicitly

The firewall is DENY'ing these request's which AFAIU is also generating
traffic. Hence I thought maybe a better way exists

>
> Then apply these three rules:
> /sbin/ipchains -A input -s xxx.156.128.0/18 -d 0.0.0.0./0 -i eth0 -j ipblock
> ... proceed with normal input chain ...
? if the starting IP adress is xxx.156.130.1 why I define it as
xxx.156.128.0/18

>
> /sbin/ipchains -A ipblock -s xxx.156.128.0/23 -d 0.0.0.0./0 -i eth0 -j RETURN
^^^^^^^
why /23
> /sbin/ipchains -A ipblock -s xxx.156.128.0/18 -d 0.0.0.0./0 -i eth0 -l -j DENY
>

What I had in mind (which I was not sure) having a rejecting route for
the IP block


--
Togan Muftuoglu


< Previous Next >
References