LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-07-2007, 03:17 PM   #1
Karthi_India
LQ Newbie
 
Registered: Apr 2007
Posts: 27

Rep: Reputation: 15
How to block a group of network accessing our machine


Hi All,
I am new to this forum.

Thanks in advance!!!
Can Anybody pls tell me how to block a group of network accessing our machine.


By,
Karthi
 
Old 04-07-2007, 03:54 PM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495Reputation: 495Reputation: 495Reputation: 495Reputation: 495
what exactly do you mean? an IP block, a subnet in your LAN, etc...

with iptables its not hard to block or drop IP schemes.

example:

Code:
# block doubleclick.net
/sbin/iptables -A CUSTOMINPUT -s 216.73.80.0/20 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 203.147.254.136 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 204.253.104.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 204.253.104.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 205.138.3.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 208.10.202.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 63.160.54.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 63.166.98.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 208.228.86.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 208.32.211.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 65.251.188.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 65.251.189.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 65.251.190.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 65.251.191.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 63.168.198.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 213.86.246.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 208.184.29.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 209.67.38.106 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 216.73.85.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 216.73.86.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 216.73.87.0/24 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 206.65.183.20 -j DROP
/sbin/iptables -A CUSTOMINPUT -s 65.205.8.0/24 -j DROP
and that will drop each one of those IP Schemes from doubleclick.net from getting past your iptable firewall.

now if you are using IPCop, then you can just add that section directly to your /etc/rc.d/rc.local and it will run when you boot your box, or when you type:

/etc/rc.d/rc.local

and poof those IP schemes will be perma dropped.
 
Old 04-07-2007, 04:35 PM   #3
Karthi_India
LQ Newbie
 
Registered: Apr 2007
Posts: 27

Original Poster
Rep: Reputation: 15
I need to block a Subnet

Hi,

Can u tell me how to block a subnet and also How to block a particular ip?

Thanks,

Karthi
 
Old 04-08-2007, 12:20 AM   #4
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
User lleb already showed you how to block ipaddress and subnet using CIDR notation.
Code:
/sbin/iptables -A CUSTOMINPUT -s 216.73.80.0/24 -j DROP


Have you also looked at the /etc/hosts.deny ?

Last edited by Micro420; 04-08-2007 at 12:24 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to block a certain user from accessing the internet darkone66669 Linux - Security 5 12-01-2006 12:37 PM
how do i block an application from accessing network? firewall? hisnumber666isback Linux - Software 1 05-06-2006 10:45 PM
accessing redhat 9 machine on network... stephs_73 Linux - Networking 1 10-12-2004 11:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration