banning an ip

im1crazyassmofo · 04-07-2003, 10:05 PM

i want to ban this kids ip address so he cant get into my boxx...how do i do that?!?! please help!

cuckoopint · 04-07-2003, 10:29 PM

/etc/hosts.deny

cuckoopint · 04-07-2003, 10:30 PM

but getting his MAC address may be more effective, since he can change ip's (especially if they are dynamic)

MasterC · 04-07-2003, 10:30 PM

Place the IP address in /etc/hosts.deny

Here's the syntax:
httpd: 1.2.3.4

Assuming you don't want them in via http, do the same for ftp and so on if that's also a problem (I think maybe just a generic IP might block all traffic from that box to your box...).

Cool

cuckoopint · 04-07-2003, 10:50 PM

Quote:

Here's the syntax:
httpd: 1.2.3.4

from the sound of the original post, it seems all access should be blocked:

ALL: 1.2.3.4

MasterC · 04-07-2003, 11:09 PM

Hey cool, thanks for showing me that. I've just been denying them, service by service

Cool

cuckoopint · 04-07-2003, 11:18 PM

Quote:

Hey cool, thanks for showing me that. I've just been denying them, service by service

eeew, thats just ugly.

I recommend skimming:
'man 5 hosts_access'

(especially the wildcards)
; )

Crashed_Again · 04-07-2003, 11:41 PM

Whats so ugly about it?

cuckoopint · 04-07-2003, 11:56 PM

Well, the idea usually behind security is to deny all, and then let some through. this way you can account for the unexpected. The method you seem to be using is IF I remember to block it off, I will. the all method is more like IF it doesn't work, then I know I have to be a bit more lenient. As far as 'ugly', i was thinking of a long list of allows/denies, which is both hard to keep up-to-date and is not generally easy to manage, IMHO.

MasterC · 04-08-2003, 12:12 AM

Yeah, definitely get the idea. So unless you specifically want to allow your buddies all access except 1 (such as ssh) then you would put them in the "ALL" pile.

I've got a question at this point, but I think it will be answered in the man page you've suggested above. However, just for fun I'll post it up, and if I find the answer, reply

Which file is read first, or takes more presidence:
hosts.deny
hosts.allow
?

Cool

maxspeed · 04-08-2003, 12:30 AM

this will block all and make your computer invisible to him.

iptables -A INPUT -p tcp --sport xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

cuckoopint · 04-08-2003, 04:51 AM

Quote:

I've got a question at this point

It works the way it should...

HOSTS_ACCESS(5)

unSpawn · 04-08-2003, 06:15 AM

but getting his MAC address may be more effective, since he can change ip's (especially if they are dynamic)

AFAIK blocking anything by MAC addr will only work inside a LAN, not outside.

Shinobi · 04-08-2003, 12:59 PM

Which file is read first, or takes more presidence:
hosts.deny
hosts.allow

http://www.wundermoosen.com/TMAHelp/pgs/inetdconf.htm

"If hosts.allow were to say: "grant access to all" and if hosts.deny were to say: "deny access to all", the hosts.deny entry would not trump hosts.allow. It would be ignored."

So hosts.deny is used to fine tune hosts.allow and not otherwise.

Shinobi · 04-08-2003, 01:01 PM

Quote:

Originally posted by maxspeed
this will block all and make your computer invisible to him.

iptables -A INPUT -p tcp --sport xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset

It won't make your hardware invisible to him. This is a software firewall, not quite as effective as a true firewall.