Solved

Block an IP

Posted on 2001-07-19
9
1,349 Views
Last Modified: 2013-12-15

Hello,

Can any body tell me how to block an IP address or range of Addresses under IPChains. I tried several options to block the same. Also I am findiing it difficult to block range of Ports,

/sbin/ipchains -D input -s 192.168.0.129 -J DENY
0
Comment
Question by:vatsasri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 6300741
/sbin/ipchains -D input -s 192.168.0.129 -J DENY

This says to delete a rule. To append(or add) a rule use the -A switch like this:

/sbin/ipchains -A input -s 192.168.0.129 -J DENY

For a range of IP addr you can use the IP/subnet-mask notation (eg 192.168.0.0/255.255.255.0)

If this machine is a gateway for a network you should probably specify the interface the rule should apply to. For example if eth0 is your interface to the Internet and eth1 is your interface to your LAN then the following two rules should probably be used.

1)/sbin/ipchains -A input -i eth0 -s 192.168.0.0/255.255.255.0 -J DENY

2)/sbin/ipchains -A input -i eth1 -d 192.168.0.0/255.255.255.0 -J DENY  

Rule 1 says block everything coming from the specified network and rule 2 says block everything going to the network
0
 

Author Comment

by:vatsasri
ID: 6300785
hello MFCRich,

thanx for ur time, but I want to block a range of IP under a same subnet. If I follow the rule then, If I want to block 50 continuous address then, I have to enter 50 number of entries in the script. Is there any shortcut?

Regards,

Srivatsa
0
 
LVL 4

Expert Comment

by:MFCRich
ID: 6300956
You could brake down the block of 50 continuous IPs into subnets of 32, 16, 8, ... addresses. The best you could hope for would be three rules for each interface ( subnets of 32, 16, and 2) It depends on the upper and lower boundries of the 50 addresses you want to block.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 4

Expert Comment

by:garisoain
ID: 6303061
Hey there!

if it's an internal network, a good solution is to split the network into 192.168.0.x for the blocked machines, 192.168.1.x for non-blocked machines, for example.

So you can block all the 192.168.0.0/24 network with one simple chain...

hope this helps.
-garisoain

0
 

Author Comment

by:vatsasri
ID: 6304306

In this case can I have two set of IPs (192.168.0.0/24 & 192.168.1.0/24) on one NIC?

Can u please tell me how do I do it under LinuxConf(I use this since it is very handy)
0
 
LVL 4

Accepted Solution

by:
garisoain earned 50 total points
ID: 6308764
Hey there.
do you want to access 2 sets of IP?
or you want your NIC to have 2 different IP?

I have never used Linuxconf (Slackware User), so I won't be useful about it...

But, from the linux console, all you got to do is:

For the first, you only need to add 'logic' communication to the other network, the 'route' command will do.

I don't remember the exact syntax of the command, but its something like:

# route add 192.168.1.0

so your Box can 'see' the 192.168.1.0/24 network too.

If you want your NIC to have 2 different IP, you're looking for IP-Aliasing, 'ifconfig' can do this. (but you need to support this from kernel)

# ifconfig eth0 192.168.0.1
# ifconfig eth0:alias 192.168.3.254

with this, your NIC will be 192.168.0.1 AND 192.168.3.254.

I don't have a Linux box near, so i'll need to send you to the manuals... =/

man ifconfig
man route

Hope this helps...
-garisoain
0
 
LVL 1

Expert Comment

by:CrypToniC
ID: 6321750
If the machines to be blocked are in continuous order
try...(not tested just an idea...I use this with ipfwd)

ip=40
while [ $ip -le 90 ]
  do
    ipchains -A input -d 10.1.2.$ip/24 -j REJECT
    ip=$((ip+1))
  done


However this would add 50 rules, I do not know if this
will affect overall efficiency

0
 
LVL 6

Expert Comment

by:st_steve
ID: 7036336
And you can use the --destination-port parameter to block a range of ports

eg:

--destination-port 135:139
0
 

Expert Comment

by:CleanupPing
ID: 9086728
vatsasri:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question