
Re: how to block everything from an entire /24



Haim Dimermanas wrote:
> 
> > > and also, how do i block out everything coming from 203.167.117.0/24?
> >   ipchains -A input -i eth0 -s 203.167.117.0/24 -j DENY -l
> >   ipchains -A output -i eth0 -d 203.167.117.0/24 -j DENY -l
> 
> Pete,
> 
>  He says "coming from". Are you sure about the second line? Is it really
> necessary?

You are right that the second rule isn't 100% needed but I feel paranoia
is a Good Thing! :-)

I should have explained that the second rule reduces the possibility of
spoofed packets and communication back to the "blacklisted" IP block. 
I'm assuming that he did not want *any* traffic between his IP and the
remote.

I also should have explained that the -l at the end will give him
*more* of those log file entries that he originally asked about, as it
will log every time a packet is denied.

In general, unless there is a unique problem with a particular IP block,
this is a bad way to go about setting up a firewall. You'll spend your
life trying to stamp out "bad" IP blocks, end up blocking legitimate
users and always be a step behind the Bad Guys.

Thanks for helping me clarify that.
Pete
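The two-rule block Pete posted, as an added example that is not part of the original thread: a small POSIX shell script that prints the ipchains rules for the /24 under discussion and then simulates, with the same address/mask comparison ipchains uses for -s and -d, which packets each rule would deny. It makes visible the point behind Haim's question: with only the input rule loaded, a connection the host itself opens towards the blocked block is still accepted, which is what the second rule closes. The functions (ip_to_int, in_cidr, block_rules, verdict) and the sample packets are constructed for this example; the interface eth0 and the network 203.167.117.0/24 are from the thread; the assumption that the chains' default policy is ACCEPT is mine. ipchains itself belongs to the Linux 2.2 kernels of the period and was superseded by iptables in 2.4, so the script only generates the rule text rather than loading it.

```shell
#!/bin/sh
# Added example for the thread above; not code from the original posters.
# Builds the two-rule ipchains block discussed for 203.167.117.0/24 and
# simulates, in pure POSIX shell arithmetic, which packets each rule
# would deny.  Assumption: the chains' default policy is ACCEPT, so a
# packet no rule matches is accepted.

BLOCKED_NET=203.167.117.0/24   # the block from the thread
IFACE=eth0                     # the interface from the thread

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX -> exit 0 when IP falls inside NET/PREFIX.
# This is the comparison ipchains performs for -s and -d matches.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# block_rules NET/PREFIX IFACE -> prints the rules from the thread.  The
# input rule is the one the original poster asked for; the output rule is
# the extra one Pete added so the host never talks back to the block.
# -l logs every packet the rule denies, so expect log volume to rise.
block_rules() {
    printf 'ipchains -A input -i %s -s %s -j DENY -l\n' "$2" "$1"
    printf 'ipchains -A output -i %s -d %s -j DENY -l\n' "$2" "$1"
}

# verdict CHAIN SRC DST [OUTPUT_RULE] -> DENY or ACCEPT for one packet.
# OUTPUT_RULE=no simulates the rule set with only the input rule loaded,
# i.e. the one-line version Haim asked about.
verdict() {
    chain=$1; src=$2; dst=$3; output_rule=${4:-yes}
    if [ "$chain" = input ] && in_cidr "$src" "$BLOCKED_NET"; then
        echo DENY; return
    fi
    if [ "$chain" = output ] && [ "$output_rule" = yes ] \
        && in_cidr "$dst" "$BLOCKED_NET"; then
        echo DENY; return
    fi
    echo ACCEPT
}

# Stand-alone demo: print the rules, then show the difference the second
# rule makes for a connection the host itself opens towards the block.
# Sample addresses are constructed for this example.
block_rules "$BLOCKED_NET" "$IFACE"
echo "inbound from 203.167.117.9:            $(verdict input 203.167.117.9 10.0.0.2)"
echo "outbound to 203.167.117.9, 2 rules:    $(verdict output 10.0.0.2 203.167.117.9)"
echo "outbound to 203.167.117.9, 1 rule:     $(verdict output 10.0.0.2 203.167.117.9 no)"
echo "inbound from 203.167.118.1 (next /24): $(verdict input 203.167.118.1 10.0.0.2)"
```

The in_cidr check is the part worth keeping around: it lets you confirm on paper that 203.167.117.255 is inside the block and 203.167.118.0 is not before you touch a live rule set, and it works for any prefix length, not just /24.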


