LinuxQuestions.org
Old 01-12-2005, 05:38 PM   #1
bratch
Member
 
Registered: Nov 2004
Location: Jersey, British Isles
Distribution: Gentoo
Posts: 44

Rep: Reputation: 15
iptables block IP subnets


I am trying to block many entire blocks of IPs with iptables, and with what information I can find, it would appear that I block IPs with:

iptables -I INPUT -s 25.55.55.55 -j DROP

If I wanted to block 25.25.25.25.

However, say I wanted to block 30.30.*.*, or 212.9.*.*. How would I do this?
 
Old 01-13-2005, 02:42 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
iptables -I INPUT -s 30.30.0.0/255.255.0.0 -j DROP
iptables -I INPUT -s 212.9.0.0/255.255.0.0 -j DROP

good luck
 
Old 01-13-2005, 04:46 AM   #3
bratch
Member
 
Registered: Nov 2004
Location: Jersey, British Isles
Distribution: Gentoo
Posts: 44

Original Poster
Rep: Reputation: 15
Thanks for that reply, I'll give it a shot, could you tell me how that works though - so I could apply it to any range of addresses.

Logically to me it looks like 212.9.0.0/255.255.0.0 would block 212-255.9-255.0.0, if you see what I mean...


To block say 234.*.*.* would I use 234.0.0.0/255.0.0.0, and to block 123.212.232.* would I use 123.212.232.0/255.255.255.0?

Thanks very much.
 
Old 01-13-2005, 09:31 AM   #4
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Quote:
Originally posted by bratch

To block say 234.*.*.* would I use 234.0.0.0/255.0.0.0, and to block 123.212.232.* would I use 123.212.232.0/255.255.255.0?
Yes, you are right.

good luck
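
How the address/mask match discussed in posts #3 and #4 works, as an added example that is not part of the original thread: a source address matches when its bits under the mask equal the rule's bits under the mask. The function names are hypothetical, and the helpers handle only contiguous masks and trailing `*` octets.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# "-s NET/MASK" matches a source when (source AND mask) == (NET AND mask).

# ip_to_int A.B.C.D -> the address as one 32-bit integer
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# mask_to_prefix 255.255.0.0 -> 16 (fails on non-contiguous masks)
mask_to_prefix() (
    m=$(ip_to_int "$1") || exit 1
    n=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        m=$(( (m << 1) & 0xFFFFFFFF )); n=$(( n + 1 ))
    done
    [ "$m" -eq 0 ] || exit 1
    echo "$n"
)

# matches SRC NET MASK -> status 0 when the rule would match SRC
matches() (
    s=$(ip_to_int "$1") && n=$(ip_to_int "$2") && m=$(ip_to_int "$3") || exit 2
    [ $(( s & m )) -eq $(( n & m )) ]
)

# wildcard_to_cidr '30.30.*.*' -> 30.30.0.0/16 (trailing "*" octets only)
wildcard_to_cidr() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    net= bits=0 wild=0
    for o in "$@"; do
        if [ "$o" = '*' ]; then wild=1; o=0
        elif [ "$wild" -eq 1 ]; then exit 1   # e.g. 30.*.30.1 is not one subnet
        else bits=$(( bits + 8 )); fi
        net=${net:+$net.}$o
    done
    [ "$bits" -gt 0 ] || exit 1               # refuse *.*.*.* (0.0.0.0/0, everything)
    ip_to_int "$net" >/dev/null || exit 1
    echo "$net/$bits"
)
```

For example, `matches 213.10.0.0 212.9.0.0 255.255.0.0` returns non-zero: the mask selects which bits must be equal, it does not define an upper bound on each octet.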
 
Old 02-06-2005, 09:04 PM   #5
procam
LQ Newbie
 
Registered: Oct 2003
Posts: 1

Rep: Reputation: 0
Help Please

Well, this stopped my spam problem. I had been unknowingly adding IPs to the /etc/rblblacklist using exim4 and trying to stop the spam madness - however, it seems according to exim you can only use example.com format in that blacklist - not IPs.
So I used your iptables method and it worked so well I'm just sitting here gloating, I'm so happy. Thank you for the killer thread - I've always just let iptables run automatically and never touched it manually, but I was happy to do so today!
Now after doing some extensive reading about iptables I am concerned -
It took me a good deal of time to enter all these IPs into it -
and according to what I read - if iptables is restarted or the unit reboots, this data will be lost of all the IPs I have entered - is this true? And how can I prevent my valuable list of blocked IPs from disappearing during reboot?

Thanks!!!

AJD

Last edited by procam; 02-06-2005 at 09:08 PM.
 
Old 02-07-2005, 03:03 AM   #6
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
You can save the current iptables rules like this:
iptables-save > /etc/iptables.rules

After that you can load the rules that you saved like this (you can add the following line to the rc.local file, so iptables will load your rules on every restart):
iptables-restore < /etc/iptables.rules

BTW: if you use Red Hat or Fedora, you may prefer the following:
/etc/init.d/iptables save
and it will save the current iptables rules. If you enable the iptables service on boot, it will load your rules during system startup.

good luck.
 
  


All times are GMT -5. The time now is 06:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration