LinuxQuestions.org


im1crazyassmofo 04-07-2003 10:05 PM

banning an ip
 
I want to ban this kid's IP address so he can't get into my box... how do I do that?!?! Please help!

cuckoopint 04-07-2003 10:29 PM

/etc/hosts.deny

cuckoopint 04-07-2003 10:30 PM

But getting his MAC address may be more effective, since he can change IPs (especially if they are dynamic).

MasterC 04-07-2003 10:30 PM

Place the IP address in /etc/hosts.deny

Here's the syntax:
httpd: 1.2.3.4

Assuming you don't want them in via http, do the same for ftp and so on if that's also a problem (I think maybe just a generic IP might block all traffic from that box to your box...).

Cool

cuckoopint 04-07-2003 10:50 PM

Quote:

Here's the syntax:
httpd: 1.2.3.4
From the sound of the original post, it seems all access should be blocked:

ALL: 1.2.3.4

MasterC 04-07-2003 11:09 PM

Hey cool, thanks for showing me that. I've just been denying them, service by service :D

Cool

cuckoopint 04-07-2003 11:18 PM

Quote:

Hey cool, thanks for showing me that. I've just been denying them, service by service
Eeew, that's just ugly.

I recommend skimming:
'man 5 hosts_access'

(especially the wildcards)
; )

Crashed_Again 04-07-2003 11:41 PM

What's so ugly about it?

cuckoopint 04-07-2003 11:56 PM

Well, the idea usually behind security is to deny all, and then let some through. This way you can account for the unexpected. The method you seem to be using is IF I remember to block it off, I will. The all method is more like IF it doesn't work, then I know I have to be a bit more lenient. As far as 'ugly', I was thinking of a long list of allows/denies, which is both hard to keep up-to-date and is not generally easy to manage, IMHO.

MasterC 04-08-2003 12:12 AM

Yeah, definitely get the idea. So unless you specifically want to allow your buddies all access except 1 (such as ssh) then you would put them in the "ALL" pile.

I've got a question at this point, but I think it will be answered in the man page you've suggested above. However, just for fun I'll post it up, and if I find the answer, reply ;)

Which file is read first, or takes more precedence:
hosts.deny
hosts.allow
?

Cool

maxspeed 04-08-2003 12:30 AM

This will block all and make your computer invisible to him.

iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

cuckoopint 04-08-2003 04:51 AM

Quote:

I've got a question at this point
It works the way it should...

HOSTS_ACCESS(5)
;)

unSpawn 04-08-2003 06:15 AM

But getting his MAC address may be more effective, since he can change IPs (especially if they are dynamic).

AFAIK blocking anything by MAC addr will only work inside a LAN, not outside.

Shinobi 04-08-2003 12:59 PM

Which file is read first, or takes more precedence:
hosts.deny
hosts.allow



http://www.wundermoosen.com/TMAHelp/pgs/inetdconf.htm

"If hosts.allow were to say: "grant access to all" and if hosts.deny were to say: "deny access to all", the hosts.deny entry would not trump hosts.allow. It would be ignored."

So hosts.deny is used to fine tune hosts.allow and not otherwise.
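The lookup order discussed in this thread, as an added example that is not part of any post above: a simplified Python model of the hosts_access(5) decision (hosts.allow first, then hosts.deny, otherwise granted), run over constructed file contents. The 192.168.1. prefix is an assumed trusted LAN range; 1.2.3.4 is the thread's placeholder address.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Client patterns modelled: ALL, an exact address, a prefix ending in ".".
# Not modelled: hostnames, netmasks, EXCEPT, option fields, IPv6.

def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix such as "192.168.1."
        return addr.startswith(pattern)
    return pattern == addr

def matches(rules, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in rules
    )

def access(allow_text, deny_text, daemon, addr):
    """hosts.allow is searched first and a match grants access; otherwise a
    match in hosts.deny denies; a pair matching neither file is granted."""
    if matches(parse_rules(allow_text), daemon, addr):
        return "granted (hosts.allow)"
    if matches(parse_rules(deny_text), daemon, addr):
        return "denied (hosts.deny)"
    return "granted (no match)"

if __name__ == "__main__":
    # Constructed cases: (hosts.allow, hosts.deny, daemon, client address).
    cases = [
        ("", "httpd: 1.2.3.4", "sshd", "1.2.3.4"),          # per-service deny
        ("", "ALL: 1.2.3.4", "sshd", "1.2.3.4"),            # block one host
        ("sshd: 192.168.1.", "ALL: ALL", "sshd", "192.168.1.20"),  # default deny
        ("sshd: 192.168.1.", "ALL: ALL", "sshd", "1.2.3.4"),
        ("ALL: ALL", "ALL: ALL", "sshd", "1.2.3.4"),        # allow wins
    ]
    for allow, deny, daemon, addr in cases:
        print(f"{daemon:5} {addr:13} -> {access(allow, deny, daemon, addr)}")
```

Only services built against libwrap or started through tcpd consult these files, so a grant or deny here says nothing about daemons that ignore TCP wrappers.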

Shinobi 04-08-2003 01:01 PM

Quote:

Originally posted by maxspeed
This will block all and make your computer invisible to him.

iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset


It won't make your hardware invisible to him. This is a software firewall, not quite as effective as a true firewall.

MasterC 04-08-2003 02:29 PM

Quote:

Originally posted by Shinobi
Which file is read first, or takes more precedence:
hosts.deny
hosts.allow



http://www.wundermoosen.com/TMAHelp/pgs/inetdconf.htm

"If hosts.allow were to say: "grant access to all" and if hosts.deny were to say: "deny access to all", the hosts.deny entry would not trump hosts.allow. It would be ignored."

So hosts.deny is used to fine tune hosts.allow and not otherwise.

Cool, thank you very much for clarifying that for me :)

cuckoopint 04-08-2003 07:17 PM

Quote:

AFAIK blocking anything by MAC addr will only work inside a LAN, not outside.
I was thinking of wireless for some reason...
; )

maxspeed 04-10-2003 09:17 AM

Quote:

Originally posted by Shinobi
It won't make your hardware invisible to him. This is a software firewall, not quite as effective as a true firewall.
Heh, you sure? Try scanning a Linux box with only this rule and see what you get:

iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset

And everyone knows that a software firewall is not as effective as a software.

Shinobi 04-10-2003 10:07 AM

The point was: don't think you're getting off easy. Any noob would look at that and think they are safe.

YOU aren't everyone. Everyone doesn't know the difference between a software and hardware firewall.

Calm down pal. :tisk:


All times are GMT -5.