On Wed, 24 Nov 2004 10:51:40 -0300, Vinicius <cviniciusm@xxxxxxxxxxxx> wrote: > > > > On Wednesday 24 November 2004 19:47, Vinicius wrote: > > > how to block a range of IP's with system-config-securitylevel-tui, > > > please? > > > > > > I'd uee shorewall for that. I recently separated the world into > "cans" and > > "cannots" to make it harder for folk to reach one of my boxes via > sshhhhhh. > > > > Works wonderfull I would say to follow Alexander's advice. If you understand how iptables works then to add a simple rule like this you do not need another package... in the above example: iptables -I INPUT -i $YOUR_INPUT_INTERFACE -p tcp -m tcp -s $IP/$NET -j REJECT --reject-with icmp-port-unreachable will do the trick. for your case, without changing your rules drastically, change it to this (and for the sake of this example, assume that the addresses you want to block are a c class beginning with 10.28.30) iptables -I RH-Firewall-1-INPUT -p tcp -m tcp -s 10.28.30.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable That will do it on all interfaces. Or, specifically for eth0: iptables -I RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp -s 10.28.30.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable your best friend is "man iptables", and in RH/Fedora based distros, you dont even have to write a script, you can just edit /etc/sysconfig/iptables. Hope this was actually helpful.
