Hi, just one question: did you enable your custom config file in the standard config file? Look out for FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSEfirewall2. It's the last line and by default commented out. Just remove the hash and restart your firewall services.

regards, Stefan
From: Patrick Shanahan [mailto:WideGlide@MyRealBox.com]

* Christopher Mahmood [03-19-03 15:26]:
> * Patrick Shanahan (WideGlide@MyRealBox.com) [030319 12:01]:
> > Thanks, but I guess I do not know how to write the script as this does not work:
> >   iptables -A INPUT -j DENY -d 24.208.133.143
>
> iptables -A INPUT -s the_bad_ip -d 0/0 --proto all -j DROP

This is *not* working. 24.208.133.143 is still getting thru.
excerpt from /etc/sysconfig/scripts/SuSEfirewall2-custom:

fw_custom_before_port_handling() {
    # these rules will be loaded after the anti-spoofing and icmp handling
    # and after the input has been redirected to the input_XXX and
    # forward_XXX chains and some basic chain-specific anti-circumvention
    # rules have been set,
    # but before any IP protocol or TCP/UDP port allow/protection rules
    # will be set.
    # You can use this hook to allow/deny certain IP protocols or TCP/UDP
    # ports before the SuSEfirewall2 generated rules are hit.

    iptables -A INPUT -s 24.198.198.42 -d 0/0 --proto all -j DROP
    iptables -A INPUT -s 24.208.133.143 -d 0/0 --proto all -j DROP
    iptables -A INPUT -s 24.208.150.4 -d 0/0 --proto all -j DROP

    true
}
iptables -L yields:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  loopback/8           anywhere             LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG        all  --  anywhere             loopback/8           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  loopback/8           anywhere
DROP       all  --  anywhere             loopback/8
LOG        all  --  192.168.0.2          anywhere             LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  192.168.0.2          anywhere
input_ext  all  --  anywhere             192.168.0.2
DROP       all  --  anywhere             192.168.0.255
DROP       all  --  anywhere             255.255.255.255
LOG        all  --  anywhere             anywhere             LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-TARGET '
DROP       all  --  anywhere             anywhere
DROP       all  --  ptd-24-198-198-42.maine.rr.com      anywhere
DROP       all  --  dhcp024-208-133-143.insight.rr.com  anywhere
DROP       all  --  dhcp024-208-150-004.insight.rr.com  anywhere
......
firewall log:
Mar 19 20:43:08 wahoo kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=24.208.133.143 DST=192.168.0.2 LEN=48 TOS=0x08 PREC=0x00 TTL=121 ID=55047 DF PROTO=TCP SPT=4199 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
What to do next ??

-- 
Patrick Shanahan
Please avoid TOFU and trim >quotes<
http://wahoo.no-ip.org
Registered Linux User #207535
icq#173753138 @ http://counter.li.org
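Added example, not part of the thread: a small POSIX sh check over the output of iptables -L INPUT -n --line-numbers that reports whether a DROP for a source address sits after a rule that can already accept the packet (an ACCEPT, or a jump into a user chain such as input_ext, which is where the listing above hands traffic for 192.168.0.2 before the appended DROPs are ever consulted). The two listings and the function names shadowing_rule and drop_is_reachable are constructed for this example; the first listing mirrors the rule order in Patrick's output with the anti-spoofing rules abbreviated.

```shell
#!/bin/sh
# Added example (not from the thread): detect a DROP rule in INPUT that is
# shadowed by an earlier ACCEPT or by a jump into a user-defined chain.
# Input format: `iptables -L INPUT -n --line-numbers`. Listings are constructed.

LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    LOG        all  --  192.168.0.2          0.0.0.0/0            LOG flags 6 level 4 prefix "SuSE-FW-DROP-ANTI-SPOOFING "
2    DROP       all  --  192.168.0.2          0.0.0.0/0
3    input_ext  all  --  0.0.0.0/0            192.168.0.2
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0
5    DROP       all  --  24.208.133.143       0.0.0.0/0'

# Same rules, but with the DROP inserted at the top (iptables -I INPUT 1 ...).
FIXED='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  24.208.133.143       0.0.0.0/0
2    input_ext  all  --  0.0.0.0/0            192.168.0.2'

# shadowing_rule LISTING IP
# Prints the number of the earliest rule before the DROP for IP that can
# accept the packet (ACCEPT, or a jump to a user chain) and so shadows it;
# prints "no-DROP-rule" when IP has no DROP rule; prints nothing when the
# DROP is reachable. LOG/REJECT/DROP/RETURN/QUEUE cannot accept here.
shadowing_rule() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    NR <= 2 { next }                              # chain header + column names
    $2 == "DROP" && $5 == ip && !found { found = NR; next }
    !found && ($2 == "ACCEPT" || $2 !~ /^(ACCEPT|DROP|REJECT|LOG|RETURN|QUEUE)$/) &&
      ($5 == "0.0.0.0/0" || $5 == "anywhere" || $5 == ip) {
      if (cand == "") cand = $1                   # keep only the earliest
    }
    END {
      if (!found) print "no-DROP-rule"
      else if (cand != "") print cand
    }'
}

# drop_is_reachable LISTING IP -> exit 0 only when the DROP exists and is not shadowed
drop_is_reachable() {
  [ -z "$(shadowing_rule "$1" "$2")" ]
}

drop_is_reachable "$LISTING" 24.208.133.143 \
  || echo "DROP for 24.208.133.143 is shadowed by rule $(shadowing_rule "$LISTING" 24.208.133.143)"
drop_is_reachable "$FIXED" 24.208.133.143 && echo "FIXED: DROP is the first rule that can match"
```

The check only sees what the listing shows, so an interface-restricted ACCEPT (the loopback rule) would be flagged as well unless you feed it -v output and extend the awk fields accordingly.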