Topic: Blocking access to specific IP's

[Bron]

I want to block access to my server to specific IP addresses which appear to be launching grounds for hack attempts, i've had a look in the forums and have found a number of references to what needs to be done, but is there anyone out there willing to help a numpty through the process?




Bron

[Ad]

You can add the ip-adress to your firewall list, and tell your firewall to drop all communication from that adress (replace the 10.11.12.13 with the adress you want to block):

/sbin/ipchains -I input -s 10.11.12.13 -j DENY -l

This will be lost after a reboot, I'm not sure where you can store this.

There are some packages that can do this: Acid / Guardian. I've made my own script that applies adresses that I want to block and checks every hour if the block is still in the rules, and re-applies the rule if neccesary.

[darren]

this sounds like something you would put in the masq file
create a file called somthing like
47Blockip at
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/

edit it then put the
## reject Ip addresses##
/sbin/ipchains -I input -s (IP ADDRESS TO REJECT) -j DENY -l
## end reject Ip addresses ##

then Rebuid the template by
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

then you  can either reboot the machine or just run the masq file
/etc/rc.d/init.d/masq restart

that should be it every time the firewall is implemented that ip address should be blocked as well
haven't tested this but it should work.

if you don't like it just remove the
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/47Blockip
file
and rebuld the template then restart the masq file

Hope this is what you were after!!

Daz

[Bron]

Thanks i'll give that a try.  But does anyone know what this is and why it is happening?

www.warbirdz.net 217.162.127.107 - - [09/Oct/2002:19:09:29 +1000] "-" 408 - "-" "-"
 
I didn't see it for months and suddenly seeing it all the time now, hundreds of times an hour!  Lots of different IP addresses, mostly from Korea and China which indicates that whatever it is it's being bounced around!

I guess it's only a problem if it's playing havoc with my bandwidth or if I have a virus ....   I just don't know enough about Linux to know.

Blocking the IP's isn't going to work because the IP address changes all the time.

[Timothy]

How to Block and Allow a Specific IP address on E-smith 5.6.

I have two network:

For External is 192.168.10.0/24 and for Private is 192.168.30.0/24.

1.I want to allow some IP on External LAN to access all resources on the Private   LAN.

2. All private LAN will only allow to access SMTP and HTTP which located on EXTERNAL NETWORK and all  resources on PRIVATE LAN except for three IP's which will allow to access all resources on both LAN.