All,
Well, I just set up a Linux router for myself, for the
improved security, dedicated box, etc. Anyway....
every once in a while I'll find an IP addy that I want/need to block, either
cuz I don't want them CONSTANTLY trying to do code red on my IIS server which
HAS BEEN PATCHED, or, they just make me mad.
so... using the “iptables -A INPUT -f -d 192.168.1.1 -j DROP”
command would be a good way to do it, correct?
FYI, I'm using a hardened version of RH 7.2, commonly known as IPCop v1.3.0
Fixes 1 and 2. I have it set up for GREEN + ORANGE + RED. It uses IPTables.
GREEN (LAN) = eth0
ORANGE (DMZ) = eth1
RED (WAN) = eth2
Here’s what I’ve tried to do:
First, I tried to drop all ICMP packets (pings). Had trouble with that until I deleted the "ACCEPT icmp -- anywhere anywhere" rule and added a DENY for ICMP in INPUT.
So... my current problem is trying to deny access to certain IPs. But the "iptables -A INPUT -f -d 192.168.1.1 -j DROP" for whatever reason doesn't work. I mean it works and adds the rule, but the host can still access my firewall. My INPUT rule file is below:
Chain INPUT (policy DROP)
target       prot opt source    destination
ipac~o       all  --  anywhere  anywhere
PSCAN        tcp  --  anywhere  anywhere  tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
PSCAN        tcp  --  anywhere  anywhere  tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
             tcp  --  anywhere  anywhere  tcp flags:SYN,RST,ACK/SYN limit: avg 10/sec burst 5
CUSTOMINPUT  all  --  anywhere  anywhere
ACCEPT       all  --  anywhere  anywhere  state RELATED,ESTABLISHED
ACCEPT       all  --  anywhere  anywhere
ACCEPT       all  --  anywhere  anywhere
ACCEPT       all  --  anywhere  anywhere
RED          all  --  anywhere  anywhere
XTACCESS     all  --  anywhere  anywhere
LOG          all  --  anywhere  anywhere  limit: avg 10/min burst 5 LOG level warning prefix `INPUT '
DROP         icmp --  anywhere  anywhere
So... do I need to delete another rule? Or what am I doing wrong?
Chris
ImplexantSystems.com
chris@implexantsystems.com
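
Added example, not part of the original post: a simplified Python model of iptables first-match evaluation. It compares a rule appended with `-A` that matches on `-f` (second and later fragments only) and `-d` (destination) against a rule inserted at the top with `-I INPUT 1` that matches on `-s` (source). The `FIREWALL` address, the two stand-in ACCEPT rules and the sample packet are constructed assumptions, not taken from the poster's ruleset.

```python
# Added illustration: simplified model of iptables first-match evaluation.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    fragment: bool = False     # True only for second and later IP fragments
    established: bool = False  # conntrack state RELATED/ESTABLISHED

@dataclass
class Rule:
    target: str                         # ACCEPT or DROP
    src: Optional[str] = None           # -s
    dst: Optional[str] = None           # -d
    fragment: Optional[bool] = None     # -f
    established: Optional[bool] = None  # -m state --state RELATED,ESTABLISHED

    def matches(self, p: Packet) -> bool:
        # A rule matches only if every condition it sets agrees with the packet.
        return all(want is None or want == got for want, got in (
            (self.src, p.src), (self.dst, p.dst),
            (self.fragment, p.fragment), (self.established, p.established)))

def verdict(chain, packet, policy="DROP"):
    """Return (target, rule number) of the first matching rule, or (policy, 0)."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(packet):
            return rule.target, number
    return policy, 0

BLOCKED = "192.168.1.1"    # address used in the post's command
FIREWALL = "198.51.100.1"  # constructed placeholder for the router's own address

# Assumption: stand-ins for whatever rules currently let the host in.
BASE = [Rule("ACCEPT", established=True), Rule("ACCEPT", dst=FIREWALL)]

AS_POSTED = BASE + [Rule("DROP", dst=BLOCKED, fragment=True)]  # -A INPUT -f -d ... -j DROP
BY_SOURCE = [Rule("DROP", src=BLOCKED)] + BASE                 # -I INPUT 1 -s ... -j DROP

new_connection = Packet(src=BLOCKED, dst=FIREWALL)  # constructed sample packet

if __name__ == "__main__":
    print("as posted:", verdict(AS_POSTED, new_connection))
    print("by source:", verdict(BY_SOURCE, new_connection))
```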