LinuxQuestions.org
Old 01-08-2008, 08:59 AM   #1
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Rep: Reputation: 33
Proftpd block IP range


How would I block an IP range in Proftpd?
I would like to block say from aaa.bbb.ccc.ddd - aaa.bbb.eee.fff
I know that you put it under <Limit LOGON> but how would you type it out in a correct format?
Thanks.
I don't want to add it to Iptables because I still want to SSH into the server but I do not want those IPs to be able to access my FTP server.

Thanks
 
Old 01-08-2008, 11:54 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by C-Sniper
I don't want to add it to Iptables because I still want to SSH into the server but I do not want those IPs to be able to access my FTP server.
I have no experience with ProFTPD, but I thought I would mention that you can make the iptables rules apply specifically to the FTP server - so that they don't affect your SSH or anything else. Example:
Code:
iptables -I INPUT -p TCP --dport 21 \
-m iprange --src-range aaa.bbb.ccc.ddd-aaa.bbb.eee.fff -j DROP
That said, the ProFTPD site has a <Limit LOGIN> example.
 
Old 01-08-2008, 02:26 PM   #3
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Original Poster
Rep: Reputation: 33
I think that I will probably use the iptables. This is mainly for keeping a school out of my homework share.


Thanks!
 
Old 02-01-2008, 08:27 AM   #4
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Original Poster
Rep: Reputation: 33
Is there a more permanent solution to this? As every time I restart I see that I have to re-add the rule into IPtables. Should I just toss this in rc.local then?
 
Old 02-01-2008, 11:07 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
If you're on Slackware use rc.firewall instead.
 
Old 02-01-2008, 11:27 AM   #6
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Original Poster
Rep: Reputation: 33
cannot find the rc.firewall file.
slocate returned no results.

Last edited by C-Sniper; 02-01-2008 at 12:33 PM.
 
Old 02-01-2008, 05:39 PM   #7
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by C-Sniper
cannot find the rc.firewall file.
slocate returned no results.
You're going to have to create rc.firewall...it doesn't exist by default in Slackware, although iptables is installed by default.
 
Old 02-01-2008, 05:54 PM   #8
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Original Poster
Rep: Reputation: 33
OK, so since it's an rc.* file I'm guessing just throw it in the rc.d folder?
Well, I'll give it a try. Thanks for everyone's help.
 
Old 02-01-2008, 05:57 PM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by C-Sniper
OK, so since it's an rc.* file I'm guessing just throw it in the rc.d folder?
Yeah, just create it and make sure it's executable.
Code:
touch /etc/rc.d/rc.firewall
chmod 755 /etc/rc.d/rc.firewall
If all you're gonna have in it is the command from above then the contents should look like:
Code:
#!/bin/sh

iptables -A INPUT -p TCP --dport 21 \
-m iprange --src-range aaa.bbb.ccc.ddd-aaa.bbb.eee.fff -j DROP
Whether you use "-A" or "-I" is irrelevant in this case, as there are (I assume) no other rules.

Last edited by win32sux; 02-01-2008 at 06:01 PM.
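An added example, not part of any post in this thread: a fuller rc.firewall built around the same rule, which validates the range, avoids loading the rule twice, and can remove it again. The range is a constructed placeholder, the function names are hypothetical, and it assumes an iptables new enough to support `-C` and boot scripts that call the file with a `start` argument.

```shell
#!/bin/sh
# Added example (not from the thread): /etc/rc.d/rc.firewall with start/stop.
# BLOCK_RANGE is a constructed placeholder taken from a documentation range.
IPT=${IPT:-iptables}
FTP_PORT=21
BLOCK_RANGE=${BLOCK_RANGE:-192.0.2.10-192.0.2.200}

# Print a dotted-quad address as an integer; fail on anything malformed.
ip2int() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
    [ "$_o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Accept only START-END where both ends parse and START <= END.
valid_range() {
  case $1 in *-*-*) return 1 ;; *-*) ;; *) return 1 ;; esac
  _lo=$(ip2int "${1%-*}") || return 1
  _hi=$(ip2int "${1#*-}") || return 1
  [ "$_lo" -le "$_hi" ]
}

rule_spec() {
  echo "INPUT -p tcp --dport $FTP_PORT -m iprange --src-range $BLOCK_RANGE -j DROP"
}

fw_start() {
  valid_range "$BLOCK_RANGE" || { echo "rc.firewall: bad range '$BLOCK_RANGE'" >&2; return 1; }
  # -C tests whether the rule is already loaded, so a repeated "start" adds no duplicate.
  # -I puts the DROP at the top of INPUT, ahead of any ACCEPT rule already loaded.
  $IPT -C $(rule_spec) 2>/dev/null || $IPT -I $(rule_spec)
}

fw_stop() {
  # Delete every copy of the rule; -D fails once none is left.
  while $IPT -D $(rule_spec) 2>/dev/null; do :; done
}

case "${1:-}" in
  start)   fw_start ;;
  stop)    fw_stop ;;
  restart) fw_stop; fw_start ;;
esac
```

Once other rules exist in INPUT, the choice between `-A` and `-I` starts to matter, which is why this version inserts rather than appends.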
 
Old 02-01-2008, 07:20 PM   #10
C-Sniper
Member
 
Registered: Dec 2006
Distribution: Slackware
Posts: 507

Original Poster
Rep: Reputation: 33
ok... just tried it and it works fine. Cheers to all!
 
  

