From: "Chris" <chris@implexantsystems.com>
To: Netfilter/IPTables Mailing List <netfilter@lists.netfilter.org>
Subject: Denying access to a public IP
Date: Mon, 12 May 2003 10:49:03 -0700
Message-ID: <00d401c318ae$c74ffcb0$0400000a@implexantsystems.com>
All,
Well, I just set up a Linux router for myself, for the improved security, dedicated box, etc. Anyway....
Every once in a while I'll find an IP addy that I want/need to block, either
cuz I don't want them CONSTANTLY trying to do Code Red on my IIS server,
which HAS BEEN PATCHED, or they just make me mad.
So... using the "iptables -A INPUT -f -d 192.168.1.1 -j DROP" command would
be a good way to do it, correct?
FYI, I'm using a hardened version of RH 7.2, commonly known as IPCop v1.3.0
Fixes 1 and 2. I have it set up for GREEN + ORANGE + RED. It uses IPTables:
GREEN (LAN) = eth0
ORANGE (DMZ) = eth1
RED (WAN) = eth2
Here's what I've tried to do:
First, I try to drop all ICMP packets (pings). Had trouble with that until I
deleted the "ACCEPT icmp -- anywhere anywhere" rule and added a DENY for
ICMP in INPUT.
So... my current problem is trying to deny access to certain IPs. But the
"iptables -A INPUT -f -d 192.168.1.1 -j DROP" for whatever reason doesn't
work. I mean it works and adds the rule, but the host can still access my
firewall. My INPUT rule listing is below:
Chain INPUT (policy DROP)
target prot opt source destination
ipac~o all -- anywhere anywhere
PSCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
PSCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 10/sec burst 5
CUSTOMINPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
RED all -- anywhere anywhere
XTACCESS all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `INPUT '
DROP icmp -- anywhere anywhere
So... do I need to delete another rule? Or what am I doing wrong?
Chris
ImplexantSystems.com <http://www.implexantsystems.com>
chris@implexantsystems.com
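An added example, not part of the post or of IPCop: a toy Python model of Netfilter first-match chain traversal. It uses a constructed remote address 198.51.100.7 and assumes 192.168.1.1 is the firewall's own address so that the posted "-d" match would succeed; it shows that the appended rule still only matches second-and-later fragments ("-f") and sits behind the ACCEPT rules, whereas a source match inserted at position 1 of INPUT drops the host.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    frag_offset: int = 0   # >0: second-or-later IP fragment (what "-f" matches)
    state: str = "NEW"     # conntrack state seen by "-m state"

@dataclass
class Rule:
    target: str
    src: Optional[str] = None            # "-s"
    dst: Optional[str] = None            # "-d"
    frag_only: bool = False              # "-f"
    states: Optional[frozenset] = None   # "--state"

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or self.src == p.src)
                and (self.dst is None or self.dst == p.dst)
                and (not self.frag_only or p.frag_offset > 0)
                and (self.states is None or p.state in self.states))

def verdict(chain, packet, policy="DROP"):
    """First matching rule wins; the chain policy applies only if nothing matched."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return "policy " + policy

FIREWALL = "192.168.1.1"   # assumed here to be the firewall's own address
BAD_HOST = "198.51.100.7"  # constructed remote address (TEST-NET-2)

# Simplified stand-in for the posted INPUT chain: ACCEPT rules first (their
# interface matches are hidden by "iptables -L" without -v), then the
# appended "iptables -A INPUT -f -d 192.168.1.1 -j DROP".
POSTED_CHAIN = [
    Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"})),
    Rule("ACCEPT"),
    Rule("DROP", dst=FIREWALL, frag_only=True),
]

# Equivalent of "iptables -I INPUT 1 -s 198.51.100.7 -j DROP": match the
# remote host as *source*, drop the fragment-only "-f", insert at position 1.
FIXED_CHAIN = [Rule("DROP", src=BAD_HOST)] + POSTED_CHAIN[:2]

def check(chain, frag_offset=0):
    """Verdict for a new connection from BAD_HOST to the firewall."""
    return verdict(chain, Packet(src=BAD_HOST, dst=FIREWALL, frag_offset=frag_offset))
```

Run `check(POSTED_CHAIN)` and `check(FIXED_CHAIN)` to compare the two orderings; on a real box the equivalent check is `iptables -L INPUT -n -v --line-numbers`, which also shows the hidden interface matches and per-rule packet counters.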