There are a couple of ways to do this; the easiest one is an entry in
/etc/hosts.deny:
Code:
ALL: 201.11.209.251
(The above is an actual address I've blocked because someone at that address attempted to break in.)
Another way is to create an entry for
IPTABLES and block the entire domain (on the principle that if a domain permits this kind of activity, you don't want any traffic from that domain). Using the above bad actor address,
Code:
prompt: whois 201.11.209.251
(this returns a lot of stuff, but what you're interesting in is)
inetnum: 201.11/16
aut-num: AS8167
abuse-c: BTA17
owner: Brasil Telecom S/A - Filial Distrito Federal
ownerid: 076.535.764/0326-90
responsible: Brasil Telecom S. A. - CNBRT
country: BR
owner-c: BTC14
tech-c: BTC14
inetrev: 201.11.209/24
nserver: ns03-cta.brasiltelecom.net.br
nsstat: 20101121 AA
nslastaa: 20101121
nserver: ns04-bsa.brasiltelecom.net.br
nsstat: 20101121 AA
nslastaa: 20101121
created: 20040429
changed: 20040429
You create an entry using
IPTABLES to forbid any system in that range with
Code:
sudo
prompt: iptables -A INPUT -s 201.11.209.0/24 -j DROP
By far, the easiest is the entry in
/etc/hosts.deny (and either is effective).
If you have some number if IP addresses you wish to block, simply create a file containing entries for those address ranges:
Code:
iptables -A INPUT -s 212.156.0.0/16 -j DROP
iptables -A INPUT -s 212.156.0.0/17 -j DROP
Save those in a file, make the file executable (
chmod 755 filename) and either execute manually after each system boot or execute it from the local start-up your system supports (in, for example,
/etc/rc.d/rc.local or something similar).
Now, forwarding that to a particular server is a little more tricky depending upon how the forwarded server wants a message constructed (say, an e-mail?).
Hope this helps some.
