From: "Chris" <chris@implexantsystems.com>
To: Netfilter/IPTables Mailing List <netfilter@lists.netfilter.org>
Subject: Denying access to a public IP
Date: Mon, 12 May 2003 10:49:03 -0700 [thread overview]
Message-ID: <00d401c318ae$c74ffcb0$0400000a@implexantsystems.com> (raw)
All,
Well, I just set up a Linux router for myself, for the improved security, dedicated box, etc. Anyway...
Every once in a while I'll find an IP address that I want/need to block, either because I don't want them CONSTANTLY trying to do Code Red on my IIS server, which HAS BEEN PATCHED, or because they just make me mad.
So... using the "iptables -A INPUT -f -d 192.168.1.1 -j DROP" command would be a good way to do it, correct?
FYI, I'm using a hardened version of RH 7.2, commonly known as IPCop v1.3.0 Fixes 1 and 2. I have it set up for GREEN + ORANGE + RED. It uses iptables:
GREEN (LAN) = eth0
ORANGE (DMZ) = eth1
RED (WAN) = eth2
Here's what I've tried to do:
First, I tried to drop all ICMP packets (pings). I had trouble with that until I deleted the "ACCEPT icmp -- anywhere anywhere" rule and added a DENY for ICMP in INPUT.
So... my current problem is trying to deny access to certain IPs. But the "iptables -A INPUT -f -d 192.168.1.1 -j DROP" rule for whatever reason doesn't work. I mean, it works and adds the rule, but the host can still access my firewall. My INPUT rules are below:
Chain INPUT (policy DROP)
target       prot opt source     destination
ipac~o       all  --  anywhere   anywhere
PSCAN        tcp  --  anywhere   anywhere   tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
PSCAN        tcp  --  anywhere   anywhere   tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
             tcp  --  anywhere   anywhere   tcp flags:SYN,RST,ACK/SYN limit: avg 10/sec burst 5
CUSTOMINPUT  all  --  anywhere   anywhere
ACCEPT       all  --  anywhere   anywhere   state RELATED,ESTABLISHED
ACCEPT       all  --  anywhere   anywhere
ACCEPT       all  --  anywhere   anywhere
ACCEPT       all  --  anywhere   anywhere
RED          all  --  anywhere   anywhere
XTACCESS     all  --  anywhere   anywhere
LOG          all  --  anywhere   anywhere   limit: avg 10/min burst 5 LOG level warning prefix `INPUT '
DROP         icmp --  anywhere   anywhere
So... do I need to delete another rule? Or what am I doing wrong?
Chris
ImplexantSystems.com <http://www.implexantsystems.com>
chris@implexantsystems.com
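As an added example (not part of the original post and not IPCop's own code), here is how the block would normally be written for a box laid out like the one above. It assumes RED is eth2 (the WAN_IF variable), a constructed sample address 203.0.113.7, and an IPTABLES variable that defaults to echo so the script only prints the rules until you point it at /sbin/iptables; the function names are my own. Two things differ from the rule quoted in the post: the remote host is matched as the source (-s) rather than the destination (-d), and -f is dropped because it matches only second-and-later fragments of a fragmented datagram. The rules are inserted at position 1 instead of appended, since a chain is walked first-match and the ACCEPT rules already in INPUT would otherwise be reached first. A second copy goes into FORWARD because hits on a server in ORANGE (the DMZ) are routed through the box and never traverse INPUT; INPUT only sees packets addressed to the firewall itself.

```sh
#!/bin/sh
# Added example, not from the original post or from IPCop.
# WAN_IF and IPTABLES are assumed names; with IPTABLES=echo (the default here)
# the script only prints the rules it would load.
WAN_IF=${WAN_IF:-eth2}
IPTABLES=${IPTABLES:-echo}

# Accept only a plain dotted-quad IPv4 address (no CIDR, no hostnames) so that a
# typo cannot turn into a rule that matches far more than one host.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# Drop everything from one remote source address arriving on the WAN interface.
# -I ... 1 puts the rule at the head of the chain, ahead of the existing ACCEPTs;
# -s matches the remote host as the source of the packet.
block_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "block_ip: bad address: $ip" >&2; return 1; }
    # packets addressed to the firewall itself (what the original post tests)
    $IPTABLES -I INPUT 1 -i "$WAN_IF" -s "$ip" -j DROP
    # packets the firewall would route on to GREEN/ORANGE, e.g. an IIS box in the DMZ
    $IPTABLES -I FORWARD 1 -i "$WAN_IF" -s "$ip" -j DROP
}

# Remove exactly the two rules block_ip added (-D matches the rule specification).
unblock_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "unblock_ip: bad address: $ip" >&2; return 1; }
    $IPTABLES -D INPUT -i "$WAN_IF" -s "$ip" -j DROP
    $IPTABLES -D FORWARD -i "$WAN_IF" -s "$ip" -j DROP
}

# Usage: source this file, then
#   block_ip 203.0.113.7                              # dry run, prints the rules
#   IPTABLES=/sbin/iptables block_ip 203.0.113.7      # load them for real
```

The listing in the post shows CUSTOMINPUT sitting ahead of the ACCEPT rules, so an equivalent INPUT rule appended to that chain (-A CUSTOMINPUT -i eth2 -s 203.0.113.7 -j DROP) would also be reached before any ACCEPT; inserting at position 1 of INPUT is simply the form that does not depend on how the rest of the chain was generated. Whichever chain you use, list it afterwards with iptables -L INPUT -n -v and confirm the DROP counters climb while the host keeps trying.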
Thread overview: 2+ messages
2003-05-12 17:49 Chris [this message]
2003-05-12 21:37 ` Denying access to a public IP Chris