Newbie :: Block IP Range seems not to work

Newbie :: Block IP Range seems not to work

[Jonathan G - Mailing List]

Hi all,

i'm a newbie in iptables (i have only used commercial products but never 
tried to  write my own rules step by step).

I have read the iptables manual, and other related to server 
configuration but in my case it seems not to work. I'm sure i'm doing 
somrething wrong but i don't know what exactly.

I want to learn to do it fine to modify the default rules that comes 
with IPCop fireall to fit my needs at home.

What i need is to block an ip range completely. I have a internal web 
server. Over my firewall i make a port forward to send all traffic that 
arrives at the firewall to the web server. The firewall own the public 
ip address of my site.

I have used a syntax like this:

iptables -A CUSTOMINPUT -s <RANGE> -j DROP
iptables -A CUSTOMFORWARD -p tcp -s <RANGE> -d <WebSrvIp> --dport 80
iptables -A PORTFWACCESS -p tcp -s <RANGE> -d <WebSrvIp> --dport 80 -j DROP

CUSTOMINPUT is a chain of INPUT type
     - CUSTOMINPUT  all  --  0.0.0.0/0            0.0.0.0/0
CUSTOMFORWARD is a chain of FORWARD type
     - CUSTOMFORWARD  all  --  0.0.0.0/0          0.0.0.0/0
PORTFWACCESS is a chain of FORWARD type
     - PORTFWACCESS  all  --  0.0.0.0/0           0.0.0.0/0

TIA

jonathan

-- 
___________________________________________________________________
  Jonathan Gonzalez - SureStorm.com Security Site - Madrid/MA/SPAIN
  http://www.surestorm.com - GnuPG Key ID = 0xAA3EAC08

  /"\
  \ /  ASCII RIBBON CAMPAIGN
   X   Against HTML mail & Microsoft attachments
  / \