vatsasri

asked on

Block an IP


Hello,

Can anybody tell me how to block an IP address or a range of addresses under IPChains? I tried several options to block the same. Also I am finding it difficult to block a range of ports.

/sbin/ipchains -D input -s 192.168.0.129 -j DENY
MFCRich

/sbin/ipchains -D input -s 192.168.0.129 -j DENY

This says to delete a rule. To append (or add) a rule use the -A switch like this:

/sbin/ipchains -A input -s 192.168.0.129 -j DENY

For a range of IP addresses you can use the IP/subnet-mask notation (e.g. 192.168.0.0/255.255.255.0).

If this machine is a gateway for a network you should probably specify the interface the rule should apply to. For example if eth0 is your interface to the Internet and eth1 is your interface to your LAN then the following two rules should probably be used.

1) /sbin/ipchains -A input -i eth0 -s 192.168.0.0/255.255.255.0 -j DENY

2) /sbin/ipchains -A input -i eth1 -d 192.168.0.0/255.255.255.0 -j DENY

Rule 1 says block everything coming from the specified network and rule 2 says block everything going to the network.

ASKER

hello MFCRich,

thanks for your time, but I want to block a range of IPs under the same subnet. If I follow that rule and want to block 50 continuous addresses, I have to enter 50 entries in the script. Is there any shortcut?

Regards,

Srivatsa
You could break down the block of 50 continuous IPs into subnets of 32, 16, 8, ... addresses. The best you could hope for would be three rules for each interface (subnets of 32, 16, and 2). It depends on the upper and lower boundaries of the 50 addresses you want to block.
Hey there!

If it's an internal network, a good solution is to split the network into 192.168.0.x for the blocked machines and 192.168.1.x for the non-blocked machines, for example.

So you can block the whole 192.168.0.0/24 network with one simple chain...

hope this helps.
-garisoain


In this case can I have two sets of IPs (192.168.0.0/24 & 192.168.1.0/24) on one NIC?

Can you please tell me how I do it under LinuxConf (I use this since it is very handy)?
ASKER CERTIFIED SOLUTION
garisoain

If the machines to be blocked are in continuous order
try...(not tested just an idea...I use this with ipfwd)

ip=40
# append one REJECT rule per host, for 10.1.2.40 through 10.1.2.90
while [ $ip -le 90 ]
  do
    # a single host takes no /24 mask; with /24 every rule would match the whole subnet
    ipchains -A input -d 10.1.2.$ip -j REJECT
    ip=$((ip+1))
  done


However, this would add 50 rules; I do not know if this will affect overall efficiency.

And you can use the --destination-port parameter to block a range of ports

eg:

--destination-port 135:139
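Added example, not code from any of the posts above: MFCRich's suggestion was to carve the run of addresses into aligned subnets (32, 16, 8, ...) so that a few rules cover it, and garisoain's loop instead appends one rule per host. The POSIX shell script below does the subnet split automatically: it walks the range, at each step takes the largest CIDR block that is aligned at the current address and does not overshoot the end, and prints one ipchains command per block. The chain name input, the interface eth0 and the DENY target are assumptions taken from the earlier answers; the script only prints the commands so they can be checked before being run.

```shell
#!/bin/sh
# Added example, not code from the thread: split an inclusive IPv4 range into
# the fewest aligned CIDR blocks (the "subnets of 32, 16, ..." idea) and print
# one ipchains rule per block instead of one rule per host.
# Assumptions (placeholders): chain "input", interface eth0, target DENY.
# The script only prints the commands so they can be reviewed before use.

# Dotted-quad -> 32-bit integer (subshell so the IFS change stays local).
ip2int() {
  (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  )
}

# 32-bit integer -> dotted-quad.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the CIDR blocks covering first..last (inclusive), one per line.
# At each step grow the block while it stays aligned to its own size at the
# current start address and does not run past the end of the range.
range2cidr() {
  start=$(ip2int "$1")
  end=$(ip2int "$2")
  while [ "$start" -le "$end" ]; do
    prefix=32
    while [ "$prefix" -gt 0 ]; do
      size=$(( 1 << (33 - prefix) ))   # size of the next larger block
      if [ $(( start % size )) -ne 0 ] || [ $(( start + size - 1 )) -gt "$end" ]; then
        break
      fi
      prefix=$(( prefix - 1 ))
    done
    echo "$(int2ip "$start")/$prefix"
    start=$(( start + (1 << (32 - prefix)) ))
  done
}

# One ipchains command per block, in the shape MFCRich used for traffic
# arriving from a blocked network on the Internet-facing interface.
deny_range_rules() {
  range2cidr "$1" "$2" | while read -r block; do
    echo "/sbin/ipchains -A input -i eth0 -s $block -j DENY"
  done
}

# Demo: the same 10.1.2.40 to 10.1.2.90 span as the loop above needs 6 rules, not 51.
deny_range_rules 10.1.2.40 10.1.2.90
```

For 10.1.2.40 to 10.1.2.90 the script prints blocks of 8, 16, 16, 8, 2 and 1 addresses (10.1.2.40/29, 10.1.2.48/28, 10.1.2.64/28, 10.1.2.80/29, 10.1.2.88/31, 10.1.2.90/32), which is the three-to-six-rule outcome MFCRich describes, while a range that happens to start and end on a subnet boundary collapses to a single rule. Changing -s to -d and eth0 to the LAN interface gives the matching rule for traffic going to the blocked hosts.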