banning an IP

digsby0007 · 05-09-2003, 07:11 AM

I saw an ip addres of someone that I do not reconize, and I want to ban that ip, but I dont see where to do that. I configured lokkit, and I have the stock firewall (btw i am using red hat 8.0) can anyone tell me how to ban ip's or recomend a good firewall for rh8?

Thanks,
Digsby

markus1982 · 05-09-2003, 08:44 AM

Lokkit is based on netfilter (= iptables). netfilter is implemented in the linux kernel. There are no real firewalls besides netfilter since they all are just wrappers around netfilter.

To get more information, visit the homepage. You could then add a rule like that:

iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx/32 -j DROP

nakkaya · 05-09-2003, 01:37 PM

but keep one thing in mind the person you ban if s/he diesnt have a static ip everytime s/he connects to internet ips will change and s/he connect to you again

Crashed_Again · 05-09-2003, 04:39 PM

good point nakkaya...heres a question for one of you gurus:

Can you ban mac addresses?

shahriars · 05-10-2003, 12:04 AM

yes, there is a solution provided by Trd79 at a thread I've started

you can check

http://www.linuxquestions.org/questi...threadid=50347

for the solution. It is quite primitive ( ;-) ) though, and needs a little bit of modification. But it works. Thanks to Trd79 for that.

markus1982 · 05-10-2003, 04:44 AM

You CAN ban mac addresses but remember that this just works in a network WITHOUT routers since AFAIR the MAC get's rewritten once it passes a router. The mac address will then ban the router's MAC adr ...

whansard · 05-10-2003, 06:35 AM

you could drop their whole range of ip's. the dynamic
ip's will probably fit in a certain range. dropping everything
with the same first 3 numbers will probably do what you
want.

bluenirve · 05-11-2003, 04:11 PM

but then again, it will also probably effect someone else that's ok to connect to his computer... block ranges with caution

whansard · 05-11-2003, 05:57 PM

i'm just guessing that since he said it's
an address he didn't recognize, that he's only letting
a few specific people in anyway.
He would probably be fine to deny all and have a list he
permits. Assuming he's trying to deny all that he doesn't
know.

bluenirve · 05-11-2003, 06:05 PM

yeah, makes sense, but he might just be browsing through the logs, and doesn't like some access to some ports or something, and wants to ban that computer for good measure...

aufwiedersehen · 02-26-2004, 07:37 PM

How would one be able to block a range of ip's like say i wanted to block 12.34.*.* how can this be done?

Capt_Caveman · 02-27-2004, 12:02 AM

To block entire subnets like that:

If you wanted to block all of 12.x.x.x, it would be 12.0.0.0/8
12.34.x.x would be: 12.34.0.0/16
12.34.56.x would be 12.34.56.0/24
And to block one IP with that notation it would be 12.34.56.78/32