LinuxQuestions.org - banning an IP

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - banning an IP (https://www.linuxquestions.org/questions/linux-security-4/banning-an-ip-58886/)

digsby0007

05-09-2003 07:11 AM

banning an IP

I saw an ip addres of someone that I do not reconize, and I want to ban that ip, but I dont see where to do that. I configured lokkit, and I have the stock firewall (btw i am using red hat 8.0) can anyone tell me how to ban ip's or recomend a good firewall for rh8?

Thanks,
Digsby

markus1982

05-09-2003 08:44 AM

Lokkit is based on netfilter (= iptables). netfilter is implemented in the linux kernel. There are no real firewalls besides netfilter since they all are just wrappers around netfilter.

To get more information, visit the homepage. You could then add a rule like that:

iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx/32 -j DROP

nakkaya

05-09-2003 01:37 PM

but keep one thing in mind the person you ban if s/he diesnt have a static ip everytime s/he connects to internet ips will change and s/he connect to you again

Crashed_Again

05-09-2003 04:39 PM

good point nakkaya...heres a question for one of you gurus:

Can you ban mac addresses?

shahriars

05-10-2003 12:04 AM

yes, there is a solution provided by Trd79 at a thread I've started

you can check

http://www.linuxquestions.org/questi...threadid=50347

for the solution. It is quite primitive ( ;-) ) though, and needs a little bit of modification. But it works. Thanks to Trd79 for that.

markus1982

05-10-2003 04:44 AM

You CAN ban mac addresses but remember that this just works in a network WITHOUT routers since AFAIR the MAC get's rewritten once it passes a router. The mac address will then ban the router's MAC adr ...

whansard

05-10-2003 06:35 AM

you could drop their whole range of ip's. the dynamic
ip's will probably fit in a certain range. dropping everything
with the same first 3 numbers will probably do what you
want.

bluenirve

05-11-2003 04:11 PM

but then again, it will also probably effect someone else that's ok to connect to his computer... block ranges with caution

whansard

05-11-2003 05:57 PM

i'm just guessing that since he said it's
an address he didn't recognize, that he's only letting
a few specific people in anyway.
He would probably be fine to deny all and have a list he
permits. Assuming he's trying to deny all that he doesn't
know.

bluenirve

05-11-2003 06:05 PM

yeah, makes sense, but he might just be browsing through the logs, and doesn't like some access to some ports or something, and wants to ban that computer for good measure...

aufwiedersehen

02-26-2004 07:37 PM

How would one be able to block a range of ip's like say i wanted to block 12.34.*.* how can this be done?

Capt_Caveman

02-27-2004 12:02 AM

To block entire subnets like that:

If you wanted to block all of 12.x.x.x, it would be 12.0.0.0/8
12.34.x.x would be: 12.34.0.0/16
12.34.56.x would be 12.34.56.0/24
And to block one IP with that notation it would be 12.34.56.78/32

All times are GMT -5. The time now is 01:50 PM.