| sean finney on 2 Feb 2012 23:43:11 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Quick & dirty IP blocking |
On Thu, Feb 02, 2012 at 11:53:18PM -0500, JP Vossen wrote: > But then I found 'ip route add blackhole ...' > http://en.wikipedia.org/wiki/Nullroute neato, did not know about that :) > addresses, and had added that to /etc/rc.local, after testing, so it > will survive a reboot. I'm sure there's a better, ifcfg-related > place to put it, but this worked for me. Unlike iptables or one thing you might want to watch out for is that depending on your distro / environment, restarting networking (or even just losing your link for a moment) might lose that routing info on the live system. for "traditional" debian/ubuntu networking (/etc/network/interfaces), you could put in an "up" stanza in your config: iface eth0 inet dhcp up ip route add blackhole... I think NetworkManager will may respect that on systems that use /e/n/i. Don't know about RH/FC but would imagine they have a similar type of hook action. sean ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug