how to setup tcp stop going 1 ip address?

modpriest · 06-28-2009, 02:40 PM

any idea how this was done? i hear they said iptables can do it... but i don't know how! anyone?

modpriest · 06-28-2009, 03:04 PM

i was able to block 1 ip:

#iptables -A OUTPUT -p tcp -d 192.168.2.3 -j DROP

but how do i block ip from

192.168.2.1 to 192.168.2.255 ???? please help me!

Suncoast · 06-28-2009, 04:19 PM

Quote:

Originally Posted by modpriest

but how do i block ip from

192.168.2.1 to 192.168.2.255 ???? please help me!

#iptables -A OUTPUT -p tcp -d 192.168.2.0/24 -j DROP

LeeDaugherty · 06-28-2009, 04:34 PM

Be advised the above command will 'DROP' all TCP protocol packets whose Destination falls in the 192.168.2 subnet...(This command follows with your previous "1 IP command") If you want to be even more restrictive (or paranoid) change -p to ALL (choices are TCP, UDP, and ICMP (or ALL)...If you are trying to restrict incoming requests then you need to replace -d with -s for "Source". Be advised these commands might isolate you on the network if you happen to have an address within that subnet block depending on the order of your iptable rules. UFW can help out here as well...check it out 'man ufw'

modpriest · 06-29-2009, 03:59 AM

ok, i done it, thank alot guy! ur guy are great!