Re: how to block everything from an entire /24
Haim Dimermanas wrote:
>
> > > and also, how do i block out everything coming from 203.167.117.0/24?
> > ipchains -A input -i eth0 -s 203.167.117.0/24 -j DENY -l
> > ipchains -A output -i eth0 -d 203.167.117.0/24 -j DENY -l
>
> Pete,
>
> He says "coming from". Are you sure about the second line? Is it really
> necessary?
You are right that the second rule isn't 100% needed but I feel paranoia
is a Good Thing! :-)
I should have explained that the second rule reduces the possibility of
spoofed packets and communication back to the "blacklisted" IP block.
I'm assuming that he did not want *any* traffic between his IP and the
remote.
I also should have explained that the -l at the end will give him
*more* of those log file entries that he originally asked about as it
will log every time a packet is denied.
In general, unless there is a unique problem with a particular IP block,
this is a bad way to go about setting up a firewall. You'll spend your
life trying to stamp out "bad" IP blocks, end up blocking legitimate
users and always be a step behind the Bad Guys.
Thanks for helping me clarify that.
Pete
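As an added illustration (not part of the thread and not Pete's code), the following Python model simulates the semantics of the two ipchains rules above on a few constructed packets. It does not invoke ipchains; it only reproduces the matching logic of `-A input -s NET -j DENY -l` and `-A output -d NET -j DENY -l` so the difference between the one-rule and two-rule setups is visible: the output rule stops the local host from talking back to the blacklisted block, and `-l` adds one log entry per denied packet. The interface match (`-i eth0`) is omitted, and the host and peer addresses (192.0.2.10, 198.51.100.7) are constructed documentation-range values.

```python
"""Model of the ipchains rules discussed in the thread (added example).

This does not run ipchains. It models `-A input -s NET -j DENY -l` and
`-A output -d NET -j DENY -l` on constructed sample packets to show why
the second (output) rule matters and how many log lines `-l` produces.
Sample addresses are constructed; the /24 is the one from the thread.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

BLOCKED = ip_network("203.167.117.0/24")  # the block named in the thread


@dataclass
class Rule:
    chain: str                       # "input" or "output"
    src: Optional[IPv4Network] = None  # -s NET, or any source if None
    dst: Optional[IPv4Network] = None  # -d NET, or any destination if None
    target: str = "DENY"             # -j DENY drops silently
    log: bool = False                # -l: log every packet this rule catches

    def matches(self, chain: str, src: str, dst: str) -> bool:
        if chain != self.chain:
            return False
        if self.src is not None and ip_address(src) not in self.src:
            return False
        if self.dst is not None and ip_address(dst) not in self.dst:
            return False
        return True


@dataclass
class Firewall:
    rules: List[Rule]
    policy: str = "ACCEPT"           # chain default policy if nothing matches
    log_lines: List[str] = field(default_factory=list)

    def filter(self, chain: str, src: str, dst: str) -> str:
        # First matching rule decides, like ipchains chain traversal.
        for rule in self.rules:
            if rule.matches(chain, src, dst):
                if rule.log:
                    self.log_lines.append(f"{chain} {rule.target} {src} -> {dst}")
                return rule.target
        return self.policy


# The two configurations from the thread: input rule only, or both rules.
INPUT_ONLY = [Rule("input", src=BLOCKED, log=True)]
BOTH = INPUT_ONLY + [Rule("output", dst=BLOCKED, log=True)]

# Constructed sample traffic as (chain, src, dst); 192.0.2.10 plays the
# local host, 198.51.100.7 an unrelated peer.
SAMPLE: List[Tuple[str, str, str]] = [
    ("input",  "203.167.117.25", "192.0.2.10"),      # inbound from the block
    ("output", "192.0.2.10",     "203.167.117.25"),  # local host replying to it
    ("input",  "198.51.100.7",   "192.0.2.10"),      # unrelated inbound
    ("output", "192.0.2.10",     "198.51.100.7"),    # unrelated outbound
]


def run(rules: List[Rule]) -> Tuple[List[str], List[str]]:
    """Return (verdict per sample packet, log lines produced by -l)."""
    fw = Firewall(list(rules))
    verdicts = [fw.filter(*pkt) for pkt in SAMPLE]
    return verdicts, fw.log_lines


if __name__ == "__main__":
    for name, rules in (("input only", INPUT_ONLY), ("input + output", BOTH)):
        verdicts, logs = run(rules)
        print(name, verdicts, f"{len(logs)} log line(s)")
        for line in logs:
            print("   ", line)
```

With only the input rule, the reply the local host sends back to the block is still accepted; with both rules it is denied and logged too, which is exactly the extra log volume Pete warns about.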