Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I saw an ip addres of someone that I do not reconize, and I want to ban that ip, but I dont see where to do that. I configured lokkit, and I have the stock firewall (btw i am using red hat 8.0) can anyone tell me how to ban ip's or recomend a good firewall for rh8?
Lokkit is based on netfilter (= iptables). netfilter is implemented in the linux kernel. There are no real firewalls besides netfilter since they all are just wrappers around netfilter.
To get more information, visit the homepage. You could then add a rule like that:
iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx/32 -j DROP
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398
Rep:
but keep one thing in mind the person you ban if s/he diesnt have a static ip everytime s/he connects to internet ips will change and s/he connect to you again
You CAN ban mac addresses but remember that this just works in a network WITHOUT routers since AFAIR the MAC get's rewritten once it passes a router. The mac address will then ban the router's MAC adr ...
Distribution: RH 6.2, Gen2, Knoppix,arch, bodhi, studio, suse, mint
Posts: 3,304
Rep:
you could drop their whole range of ip's. the dynamic
ip's will probably fit in a certain range. dropping everything
with the same first 3 numbers will probably do what you
want.
Distribution: RH 6.2, Gen2, Knoppix,arch, bodhi, studio, suse, mint
Posts: 3,304
Rep:
i'm just guessing that since he said it's
an address he didn't recognize, that he's only letting
a few specific people in anyway.
He would probably be fine to deny all and have a list he
permits. Assuming he's trying to deny all that he doesn't
know.
yeah, makes sense, but he might just be browsing through the logs, and doesn't like some access to some ports or something, and wants to ban that computer for good measure...
If you wanted to block all of 12.x.x.x, it would be 12.0.0.0/8
12.34.x.x would be: 12.34.0.0/16
12.34.56.x would be 12.34.56.0/24
And to block one IP with that notation it would be 12.34.56.78/32
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.