Fred Stluka on 5 Feb 2012 22:34:13 -0800



Re: [PLUG] Quick & dirty IP blocking


On 2/3/12 3:26 PM, JP Vossen wrote:
Date: Fri, 3 Feb 2012 09:09:35 -0500
From: "Paul W. Roach III" <paul@isaroach.com>

The iptables equivalent would be:

iptables -A INPUT -s 192.168.192.0/24 -j DROP

OK, I have to admit I haven't played with iptables in a long time, and it and distros change.  Having said that, are you sure?  I thought there would be some defaults you'd need to make sure you don't run afoul of. Like a default allow a couple of things then a "deny all".  So if you don't allow all the right things before you turn it on...

Am I assuming wrong?  If, on a stock Debian Lenny or Ubuntu 10.04 or newer system it's really just that 1 line, then that is much simpler than I recall it being.
Yeah, adding a rule is a one-liner:
    sudo iptables -I INPUT -s $1 -j DROP
and making the change permanent is another one-liner:
    sudo service iptables save

I use fail2ban to automatically block IP addresses, but when
I want to block one manually, I have it all wrapped up, including
e-mail to root (which is forwarded to all sys admins) saying that
the IP was blocked.  So, none of the other sysadmins who may
see the same logwatch e-mail bothers to block it again.  See:
    http://bristle.com/Tips/Unix/ipblock

--Fred
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
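The wrapper Fred describes (insert a DROP rule, make it permanent, mail root so the other admins don't block the same address twice) fits in a short POSIX sh script. The one below is an added example written for this page; it is neither Fred's ipblock script nor the one published at bristle.com. Two details differ by platform and are assumptions here: `service iptables save` is the Red Hat/CentOS form of persistence, whereas Debian and Ubuntu conventionally dump the ruleset with `iptables-save` into a file restored at boot (the path `/etc/iptables/rules.v4` is the one the iptables-persistent package reads), and the notification uses `mail(1)`. The duplicate check relies on `iptables -C`, which needs iptables 1.4.11 or later. Using `-I` rather than `-A` matters: the DROP is inserted at the top of INPUT so an earlier ACCEPT cannot shadow it.

```shell
#!/bin/sh
# ipblock-style wrapper: added example, not the script from the message above.
# Assumptions: Debian/Ubuntu-style persistence via /etc/iptables/rules.v4
# (iptables-persistent) and mail(1) for notifying root.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-/32
# prefix length. Anything else is rejected before it reaches iptables, so a
# typo from a logwatch mail cannot turn into a malformed rule.
is_valid_ipv4_cidr() {
    addr=${1%/*}
    if [ "$addr" = "$1" ]; then
        prefix=32                     # no "/" present: a single host
    else
        prefix=${1##*/}
    fi
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # reject stray characters and empty octets (leading, trailing or double dots)
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS
    IFS=.
    set -- $addr                      # split on dots; positional params are local here
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Body of the notification: $1 address, $2 host, $3 admin who ran the block.
notice_text() {
    printf 'Blocked %s on %s by %s\n' "$1" "$2" "$3"
}

# Block $1 (address or CIDR), persist the ruleset and notify root.
# Exit status: 0 blocked (or already blocked), 2 bad argument, 1 command failed.
block_ip() {
    target=$1
    if ! is_valid_ipv4_cidr "$target"; then
        printf 'ipblock: not an IPv4 address or CIDR: %s\n' "$target" >&2
        return 2
    fi
    # -C exits 0 when an identical rule already exists, so a second admin
    # acting on the same logwatch mail does not add a duplicate entry.
    if iptables -C INPUT -s "$target" -j DROP 2>/dev/null; then
        printf 'ipblock: %s is already blocked\n' "$target"
        return 0
    fi
    # -I puts the DROP at the top of INPUT, ahead of any ACCEPT rules.
    iptables -I INPUT -s "$target" -j DROP || return 1
    # Persist (assumed Debian/Ubuntu layout; Red Hat family uses "service iptables save").
    iptables-save > /etc/iptables/rules.v4 || return 1
    notice_text "$target" "$(hostname)" "$(id -un)" |
        mail -s "ipblock: $target blocked on $(hostname)" root
}

# Run only when given an argument; sourcing the file just defines the functions.
[ $# -eq 0 ] || block_ip "$1"
```

Run it as `sudo ./ipblock 192.168.192.0/24`; a second run with the same argument reports "already blocked" and leaves the ruleset untouched.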

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug