Re: How to block a range of IP's with system-config-securitylevel-tui?

On Wed, 24 Nov 2004 10:51:40 -0300, Vinicius <cviniciusm@xxxxxxxxxxxx> wrote:
> 
> 
> > On Wednesday 24 November 2004 19:47, Vinicius wrote:
> > > how to block a range of IP's with system-config-securitylevel-tui,
> > > please?
> >
> >
> > I'd use shorewall for that. I recently separated the world into "cans" and
> > "cannots" to make it harder for folk to reach one of my boxes via sshhhhhh.
> >
> > Works wonderful



I would say to follow Alexander's advice. If you understand how
iptables works then to add a simple rule like this you do not need
another package...


In the above example:

iptables -I INPUT -i $YOUR_INPUT_INTERFACE -p tcp -m tcp -s $IP/$NET -j REJECT --reject-with icmp-port-unreachable

will do the trick. For your case, without changing your rules
drastically, change it to this (and for the sake of this example,
assume that the addresses you want to block are a C class beginning
with 10.28.30)

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp -s 10.28.30.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable

That will do it on all interfaces. Or, specifically for eth0:

iptables -I RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp -s 10.28.30.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable

Your best friend is "man iptables", and in RH/Fedora based distros,
you don't even have to write a script, you can just edit
/etc/sysconfig/iptables.

Hope this was actually helpful.
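
An added example, not part of the original message: a sketch of the "just edit /etc/sysconfig/iptables" route, placing the block rule ahead of the chain's existing ACCEPT rules the way "iptables -I" does on a live chain. The function names and the sample rules file are constructed for illustration, and it assumes the file is in iptables-save format.

```shell
#!/bin/sh
# Added example, not from the original post. It only rewrites a copy of the
# rules file; nothing here touches the live firewall.

# 255.255.255.0 -> 24; exits non-zero on malformed or non-contiguous masks.
mask_to_prefix() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) {
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
              o = $i + 0
              for (b = 128; b >= 1; b = b / 2)
                  if (o >= b) { if (gap) exit 1; bits++; o -= b } else gap = 1
          }
          print bits + 0 }'
}

# Print FILE with a tcp REJECT rule for NET/MASK placed ahead of CHAIN's first
# existing rule (the saved-file counterpart of "iptables -I CHAIN ...").
# Prints FILE unchanged if the rule is already there; fails if CHAIN has no rules.
block_range() {  # usage: block_range FILE CHAIN NET MASK
    prefix=$(mask_to_prefix "$4") || { echo "bad netmask: $4" >&2; return 1; }
    rule="-A $2 -s $3/$prefix -p tcp -m tcp -j REJECT --reject-with icmp-port-unreachable"
    awk -v rule="$rule" -v chain="$2" '
        { line[NR] = $0; if ($0 == rule) seen = 1 }
        END {
            for (i = 1; i <= NR; i++) {
                if (!seen && !placed && index(line[i], "-A " chain " ") == 1) {
                    print rule; placed = 1
                }
                print line[i]
            }
            if (!seen && !placed) exit 2
        }' "$1"
}

# Constructed sample in iptables-save format (not from the original post).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

Write the output to a scratch file and check it with "iptables-restore --test" before replacing the real rules file; a REJECT placed after the ACCEPT for port 22 would never match for the blocked range.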

