Mailinglist Archive: opensuse-security (685 mails)

Re: AW: [suse-security] block forged packets with iptables
  • From: Andreas Baetz <andreas.baetz@xxxxxxxx>
  • Date: Wed, 27 Feb 2002 14:26:03 +0100
  • Message-id: <02022714260300.17328@pp1>
On Friday 22 February 2002 15:30, Oliver Krapp - etracker.de wrote:
> > >for a few days there has been a lot of inbound traffic (~100 kbit/sec) from a
> > >specified host to my server. I noticed this first on my mrtg graph,
> > >then in detail with ntop.
> > >
> > >I want to block the IP with the following iptables commands:
> > >
> > >iptables -A OUTPUT -j DROP -d xxx.xxx.xxx.xxx
> > >iptables -A OUTPUT -j DROP -s xxx.xxx.xxx.xxx
> > >iptables -A INPUT -j DROP -d xxx.xxx.xxx.xxx
> > >iptables -A INPUT -j DROP -s xxx.xxx.xxx.xxx
> >
> > If you use SNAT or DNAT and that IP is matched by an SNAT or DNAT rule
> > then the INPUT and OUTPUT chains are not used. Instead use the FORWARD
> > chain.
>
> I don't use NAT; anyway, if I also add rules for the FORWARD chain, it
> has the same effect.
>

Maybe you already solved this, but here are some suggestions:
What do the packets look like? Did you try to capture some of them with tcpdump?
Maybe the packets get accepted before they reach your drop rules?

Andreas Baetz
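
The second question above (are the packets accepted before they reach the drop rules?) can be checked against a saved `iptables -S` listing. The following is an added example, not part of the original message: the rule listing and the address 192.0.2.10 are constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` listing; 192.0.2.10 stands in for the masked address.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -j DROP
"""

def parse_rule(line):
    """Return (chain, source_net, negated, target) for an '-A' line, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    src, negated, target = None, False, None
    for i, t in enumerate(tok[:-1]):
        if t in ("-s", "--source"):
            src = ipaddress.ip_network(tok[i + 1], strict=False)
            negated = tok[i - 1] == "!"
        elif t in ("-j", "--jump"):
            target = tok[i + 1]
    return tok[1], src, negated, target

def accepts_before_drop(rules_text, chain, address):
    """List ACCEPT rules that precede the first DROP/REJECT naming `address` as source.

    Only the source match is evaluated; other matchers (-p, --dport, -m state, -i)
    are ignored, so every returned rule is a candidate to inspect, not a proven hit.
    Returns (candidates, drop_position) with 1-based positions as --line-numbers shows.
    """
    ip = ipaddress.ip_address(address)
    candidates, pos = [], 0
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None or parsed[0] != chain:
            continue
        pos += 1
        _, src, negated, target = parsed
        if src is not None and (ip in src) == negated:
            continue  # source constraint excludes this address
        if target in ("DROP", "REJECT") and src is not None and not negated:
            return candidates, pos
        if target == "ACCEPT":
            candidates.append((pos, line.strip()))
    return candidates, None

if __name__ == "__main__":
    hits, drop_pos = accepts_before_drop(SAMPLE_RULES, "INPUT", "192.0.2.10")
    print("drop rule at position", drop_pos)
    for pos, rule in hits:
        print("  evaluated earlier:", pos, rule)
```

Because `-A` appends, a DROP rule added that way sits after every rule already in the chain; `iptables -I INPUT 1 -s <address> -j DROP` inserts it at the top instead.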

