LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   banning an ip (http://www.linuxquestions.org/questions/linux-general-1/banning-an-ip-53940/)

im1crazyassmofo 04-07-2003 10:05 PM

banning an ip
 
i want to ban this kids ip address so he cant get into my boxx...how do i do that?!?! please help!

cuckoopint 04-07-2003 10:29 PM

/etc/hosts.deny

cuckoopint 04-07-2003 10:30 PM

but getting his MAC address may be more effective, since he can change ip's (especially if they are dynamic)

MasterC 04-07-2003 10:30 PM

Place the IP address in /etc/hosts.deny

Here's the syntax:
httpd: 1.2.3.4

Assuming you don't want them in via http, do the same for ftp and so on if that's also a problem (I think maybe just a generic IP might block all traffic from that box to your box...).

Cool

cuckoopint 04-07-2003 10:50 PM

Quote:

Here's the syntax:
httpd: 1.2.3.4
from the sound of the original post, it seems all access should be blocked:

ALL: 1.2.3.4

MasterC 04-07-2003 11:09 PM

Hey cool, thanks for showing me that. I've just been denying them, service by service :D

Cool

cuckoopint 04-07-2003 11:18 PM

Quote:

Hey cool, thanks for showing me that. I've just been denying them, service by service
eeew, thats just ugly.

I recommend skimming:
'man 5 hosts_access'

(especially the wildcards)
; )

Crashed_Again 04-07-2003 11:41 PM

Whats so ugly about it?

cuckoopint 04-07-2003 11:56 PM

Well, the idea usually behind security is to deny all, and then let some through. this way you can account for the unexpected. The method you seem to be using is IF I remember to block it off, I will. the all method is more like IF it doesn't work, then I know I have to be a bit more lenient. As far as 'ugly', i was thinking of a long list of allows/denies, which is both hard to keep up-to-date and is not generally easy to manage, IMHO.

MasterC 04-08-2003 12:12 AM

Yeah, definitely get the idea. So unless you specifically want to allow your buddies all access except 1 (such as ssh) then you would put them in the "ALL" pile.

I've got a question at this point, but I think it will be answered in the man page you've suggested above. However, just for fun I'll post it up, and if I find the answer, reply ;)

Which file is read first, or takes more presidence:
hosts.deny
hosts.allow
?

Cool

maxspeed 04-08-2003 12:30 AM

this will block all and make your computer invisible to him.

iptables -A INPUT -p tcp --sport xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

cuckoopint 04-08-2003 04:51 AM

Quote:

I've got a question at this point
It works the way it should...

HOSTS_ACCESS(5)
;)

unSpawn 04-08-2003 06:15 AM

but getting his MAC address may be more effective, since he can change ip's (especially if they are dynamic)

AFAIK blocking anything by MAC addr will only work inside a LAN, not outside.

Shinobi 04-08-2003 12:59 PM

Which file is read first, or takes more presidence:
hosts.deny
hosts.allow



http://www.wundermoosen.com/TMAHelp/pgs/inetdconf.htm

"If hosts.allow were to say: "grant access to all" and if hosts.deny were to say: "deny access to all", the hosts.deny entry would not trump hosts.allow. It would be ignored."

So hosts.deny is used to fine tune hosts.allow and not otherwise.

Shinobi 04-08-2003 01:01 PM

Quote:

Originally posted by maxspeed
this will block all and make your computer invisible to him.

iptables -A INPUT -p tcp --sport xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset


It won't make your hardware invisible to him. This is a software firewall, not quite as effective as a true firewall.


All times are GMT -5. The time now is 03:46 AM.