Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] reject an IP with Apache2 and Suse Firewall.
It works,
How can I also log these drops???


----- Original Message ----- From: "Peer Stefan" <stefan.peer@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Monday, March 14, 2005 12:32 PM
Subject: Re: [suse-security] reject an IP with Apache2 and Suse Firewall.


Hi,

From: Andrei Bintintan [mailto:klodoma@xxxxxxxxx]

Hi,
I'm getting some strange logs in the apache access file from some IPs.
How can I make a "blacklist" with apache so that I reject this specific IP from the webserver???

It's more convenient to do this with ip filters.

I'm wondering for the same thing in the Suse Firewall. How can I make a blacklist for the suse firewall???

Sure - edit /etc/sysconfig/SuSEfirewall2 and enable FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

Edit /etc/sysconfig/scripts/SuSEfirewall2-custom and add the following to the "fw_custom_before_antispoofing()"-section

# Drop all traffic from each blacklisted address or network
BLACKLIST="A.B.C.D E.F.G.H X.Y.Z.0/24"
for net in $BLACKLIST; do
    iptables -A INPUT -s "$net" -j DROP
done

This blacklist could be a simple IP list or ... maybe something more advanced can be made???


Andy.

Cheers,
Stefan

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
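
Added example, not part of the original thread: one way to log blacklisted sources before dropping them, by sending each source through a shared chain with a rate-limited LOG rule ahead of the DROP. The chain name, log prefix, limit values, the `IPT` dry-run variable and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: log blacklisted sources, then drop them.
# IPT defaults to a dry run that prints each command; set IPT=iptables
# (as root) to apply. Chain name and log prefix are assumptions.
IPT="${IPT:-echo iptables}"
CHAIN="BLACKLIST"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_net() {
    addr=${1%%/*}
    case $1 in
        */*) plen=${1#*/} ;;
        *)   plen=32 ;;
    esac
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# One shared chain logs (rate limited, so a flood cannot fill the log) and
# then drops; each valid entry gets an INPUT jump. Invalid entries are skipped.
blacklist_with_log() {
    $IPT -N "$CHAIN"
    $IPT -A "$CHAIN" -m limit --limit 3/min --limit-burst 5 \
        -j LOG --log-prefix "BLACKLIST-DROP " --log-level warning
    $IPT -A "$CHAIN" -j DROP
    set -f                      # no filename expansion on list entries
    for net in $1; do
        if is_ipv4_net "$net"; then
            $IPT -A INPUT -s "$net" -j "$CHAIN"
        else
            echo "skipping invalid blacklist entry: $net" >&2
        fi
    done
    set +f
}

# Constructed sample list (documentation address ranges), printed as a dry run.
blacklist_with_log "192.0.2.10 198.51.100.0/24"
```

The two functions would go into the custom rules file, with the call placed inside fw_custom_before_antispoofing() in place of the plain DROP loop; matching packets then appear in the kernel log with the BLACKLIST-DROP prefix.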