How to block a range of IP's with system-config-securitylevel-tui?

paul ppeeler at gmail.com
Wed Nov 24 14:01:14 UTC 2004


On Wed, 24 Nov 2004 10:51:40 -0300, Vinicius <cviniciusm at terra.com.br> wrote:
> 
> 
> > On Wednesday 24 November 2004 19:47, Vinicius wrote:
> > > how to block a range of IP's with system-config-securitylevel-tui,
> > > please?
> >
> >
> > I'd use shorewall for that. I recently separated the world into "cans" and
> > "cannots" to make it harder for folk to reach one of my boxes via sshhhhhh.
> >
> > Works wonderful



I would say to follow Alexander's advice. If you understand how
iptables works then to add a simple rule like this you do not need
another package...


In the above example:

iptables -I INPUT -i $YOUR_INPUT_INTERFACE -p tcp -m tcp -s $IP/$NET \
    -j REJECT --reject-with icmp-port-unreachable

will do the trick. For your case, without changing your rules
drastically, change it to this (and for the sake of this example,
assume that the addresses you want to block are a C class beginning
with 10.28.30):

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp -s 10.28.30.0/255.255.255.0 \
    -j REJECT --reject-with icmp-port-unreachable

That will do it on all interfaces. Or, specifically for eth0:

iptables -I RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp \
    -s 10.28.30.0/255.255.255.0 -j REJECT --reject-with icmp-port-unreachable

Your best friend is "man iptables", and in RH/Fedora based distros,
you don't even have to write a script, you can just edit
/etc/sysconfig/iptables.

Hope this was actually helpful.
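
The message above mentions editing /etc/sysconfig/iptables but shows only the interactive commands. As an added example (not part of the original message), this shell function puts the same REJECT rule first in a chain of a rules file in iptables-save layout, which is the file equivalent of "-I"; the sample file contents and the names sample_rules and add_block_rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: write a copy of an iptables-save style rules file with a
# REJECT rule for one source range placed ahead of every existing rule in a
# chain. Nothing is loaded into the kernel; the result goes to stdout.

# Constructed sample in the layout of /etc/sysconfig/iptables (not from the post).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_block_rule CHAIN SOURCE   (rules file on stdin, edited copy on stdout)
# Returns 2 for a malformed SOURCE, 1 if CHAIN has no rule to insert before.
add_block_rule() {
    chain=$1 src=$2
    # Shape check only: dotted quad, then /prefix-length or /dotted-mask.
    printf '%s\n' "$src" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]{1,2}|([0-9]{1,3}\.){3}[0-9]{1,3})$' ||
        return 2
    awk -v chain="$chain" -v src="$src" '
        # First existing rule of the chain: emit the block rule in front of it,
        # because rules are evaluated in file order and the first match wins.
        !seen && $1 == "-A" && $2 == chain {
            print "-A " chain " -s " src " -p tcp -m tcp -j REJECT --reject-with icmp-port-unreachable"
            seen = 1
        }
        { print }
        END { exit (seen ? 0 : 1) }
    '
}

# Demo on the constructed sample, using the range from the message.
sample_rules | add_block_rule RH-Firewall-1-INPUT 10.28.30.0/255.255.255.0
```

Review the output against the live file before replacing it, since a rule placed after an ACCEPT for the same traffic never matches.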



