LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   banning an IP (http://www.linuxquestions.org/questions/linux-security-4/banning-an-ip-58886/)

digsby0007 05-09-2003 08:11 AM

banning an IP
 
I saw an ip addres of someone that I do not reconize, and I want to ban that ip, but I dont see where to do that. I configured lokkit, and I have the stock firewall (btw i am using red hat 8.0) can anyone tell me how to ban ip's or recomend a good firewall for rh8?

Thanks,
Digsby

markus1982 05-09-2003 09:44 AM

Lokkit is based on netfilter (= iptables). netfilter is implemented in the linux kernel. There are no real firewalls besides netfilter since they all are just wrappers around netfilter.

To get more information, visit the homepage. You could then add a rule like that:

iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx/32 -j DROP

nakkaya 05-09-2003 02:37 PM

but keep one thing in mind the person you ban if s/he diesnt have a static ip everytime s/he connects to internet ips will change and s/he connect to you again

Crashed_Again 05-09-2003 05:39 PM

good point nakkaya...heres a question for one of you gurus:

Can you ban mac addresses?

shahriars 05-10-2003 01:04 AM

yes, there is a solution provided by Trd79 at a thread I've started

you can check

http://www.linuxquestions.org/questi...threadid=50347

for the solution. It is quite primitive ( ;-) ) though, and needs a little bit of modification. But it works. Thanks to Trd79 for that.

markus1982 05-10-2003 05:44 AM

You CAN ban mac addresses but remember that this just works in a network WITHOUT routers since AFAIR the MAC get's rewritten once it passes a router. The mac address will then ban the router's MAC adr ...

whansard 05-10-2003 07:35 AM

you could drop their whole range of ip's. the dynamic
ip's will probably fit in a certain range. dropping everything
with the same first 3 numbers will probably do what you
want.

bluenirve 05-11-2003 05:11 PM

but then again, it will also probably effect someone else that's ok to connect to his computer... block ranges with caution

whansard 05-11-2003 06:57 PM

i'm just guessing that since he said it's
an address he didn't recognize, that he's only letting
a few specific people in anyway.
He would probably be fine to deny all and have a list he
permits. Assuming he's trying to deny all that he doesn't
know.

bluenirve 05-11-2003 07:05 PM

yeah, makes sense, but he might just be browsing through the logs, and doesn't like some access to some ports or something, and wants to ban that computer for good measure...

aufwiedersehen 02-26-2004 08:37 PM

How would one be able to block a range of ip's like say i wanted to block 12.34.*.* how can this be done?

Capt_Caveman 02-27-2004 01:02 AM

To block entire subnets like that:

If you wanted to block all of 12.x.x.x, it would be 12.0.0.0/8
12.34.x.x would be: 12.34.0.0/16
12.34.56.x would be 12.34.56.0/24
And to block one IP with that notation it would be 12.34.56.78/32


All times are GMT -5. The time now is 10:47 PM.