Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-22-2010, 12:32 AM   #1
LQ Newbie
Registered: Sep 2010
Posts: 2

Rep: Reputation: 0
Blocking ips permanently and throwing away the keys

I want to block some ips permanently ie. even I as the root user cannot unblock these ips without having to format the whole system.

So i thought if some blocking software provided passwords for editing rules and I put a 'junk' password there and so that I can't delete the rules without the 'junk' password which I don't know.

So I examined iptables and I saw that it is a kernel module so there is no use of that since I can probably throw it away.

But the basic question is to block ips and gulp the key.
Old 09-22-2010, 02:32 PM   #2
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
If you are (or someone is) root, and/or you have (or someone has) physical access, there's going to be a way to modify your packet filtering ruleset, ACL, or.. whatever.
Old 09-22-2010, 02:57 PM   #3
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
Is this a 'save me from myself' type situation?

The normal solution should suffice. If you're having system access control issues (someone removing your blocks), maybe revoke access from that individual or lock down their permissions so that they can't make changes you don't want. If you do this the right way, you won't need the super solution you're currently looking for.
Old 09-23-2010, 02:56 AM   #4
LQ Newbie
Registered: Sep 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Well yes it is a save me from myself situation. The effort required to reverse the blockage should be as much as formatting and reinstalling.
And yes there is no other person involved it is only me and I can't destroy the root password because I need it for other things.

Last edited by jmstr10; 09-23-2010 at 02:58 AM. Reason: forgot
Old 09-23-2010, 03:05 AM   #5
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
How about setting up sudo privileges for your (non-root) user account such that you can do your administrative tasks using sudo? That way you wouldn't need "real" root privileges (you could even disable root account if you wanted to) and there was no problem.

It's just not sane to try to make something so difficult to yourself that it's "too difficult/time consuming to even start", and think you're safe that way. It's just easier to tell yourself not to do it. If we compare this situation to one where you'd try to stop smoking, there is no way you can deny yourself a cigarette if you really want it. But you could use something to make up for the real thing while learning to live without; ex-smokers use all sorts of things that provide nicotin without having to smoke, so you could use (well configured/"limited") sudo to get rid of being root all the time. Even better, you could just learn to live with yourself, but that's quite a hard task sometimes
Old 09-24-2010, 06:58 AM   #6
Senior Member
Registered: Apr 2007
Location: bbsr,orissa,India
Posts: 1,378

Rep: Reputation: 135Reputation: 135
Just give a junk password of too many random characters, which you cant remember even after one 1 hr. Dont write it anywhere.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
blocking ips thesnaggle Linux - Networking 3 03-02-2009 12:26 PM
blocking ips jeff80 Linux - Newbie 4 06-27-2008 08:27 PM
Blocking ips from access andy1974 Linux - Security 5 06-27-2007 06:21 AM
Blocking IPs bluelaguna Linux - Security 2 05-28-2004 02:08 PM
Blocking IPS clanehleader Linux - Security 2 09-01-2003 10:13 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:08 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration