Re: how to block everything from an entire /24

To: debian-isp@lists.debian.org
Subject: Re: how to block everything from an entire /24
From: wagnerc@plebeian.com (Chris Wagner)
Date: Wed, 18 Apr 2001 23:04:41 -0400
Message-id: <200104190304.XAA19756@mail.goodnews.net>

The better way is to block it at the router.  Once you figure it out,
blocking subnets is trivial and much more resource effective than having
your firewall do it.  Read your router's documention about ACL's, access
control lists.


At 08:37 AM 4/16/01 -0400, Peter Billson wrote:
>  You need to *quickly* get a good book on using ipchains and set up a
>firewall. If you don't understand firewalling (which is what it sounds
>like but that's OK we've all been there) doing it without guidance can
>be basically useless.
>
>> and also, how do i block out everything coming from 203.167.117.0/24?
>  ipchains -A input -i eth0 -s 203.167.117.0/24 -j DENY -l
>  ipchains -A output -i eth0 -d 203.167.117.0/24 -j DENY -l
>
>To understand what is going on with a high load average try running top
>for a snapshot of what is going on.


                    ---=<ALL YOUR BASE ARE BELONG TO US>=---
            ___/`<YOU HAVE NO CHANCE TO SURVIVE MAKE YOUR TIME!>`\___

00000100

Reply to:

Prev by Date: full duplex ethernet ?
Next by Date: Re: full duplex ethernet ?
Previous by thread: Re: how to block everything from an entire /24
Next by thread: transparent proxy
Index(es):
- Date
- Thread