• Status: Solved

linux routing question

At my job we have a script which will block traffic from an IP address.  For example, for an IP address = A.B.C.D the script would execute this command:

/sbin/route add -net A.B.C.0 netmask 255.255.255.0 lo

Can anybody explain how this works?  I have been trying to understand why this should block the traffic from the IP but I don't understand.

We are using Red Hat Linux version 7.2.  If the server's gateway were 1.1.1.1 then this would be the routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
1.1.1.0         0.0.0.0         255.255.240.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         1.1.1.1         0.0.0.0         UG        0 0          0 eth0
0
Asked by: bryanlloydharris
1 Solution
 
Gabriel Orozco (Solution Architect) Commented:
I think the routing command is telling your Linux to route that network USING "lo" (localhost adapter), so it will never answer packets to that network using eth0 (your default gateway), since it knows A.B.C.0/24 is reachable locally using "lo" (since no program will answer, internally you will get a timeout, but no one will care).

This is not the best way to block traffic to an IP address, but it works.

I would do instead
iptables -I INPUT -s A.B.C.D -j DROP

And that's all. It's better since it will drop packets as soon as they try to enter the server, while the routing solution will even reach your internal servers but will be answered to your "lo" interface, therefore making invalid answers that time out.
0
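
The route lookup the answer describes, as an added example that is not part of the original thread: a longest-prefix match over the routing table from the question, with the constructed address 203.0.113.45 standing in for A.B.C.D. It shows replies to the blocked host leaving on lo instead of eth0, and that the 255.255.255.0 route diverts replies to every other host in A.B.C.0/24 as well, whereas the iptables rule matches only the single source address. The function names are hypothetical.

```python
import ipaddress

# Routing table from the question: (destination, genmask, gateway, iface).
BASE_ROUTES = [
    ("1.1.1.0", "255.255.240.0", "0.0.0.0", "eth0"),
    ("127.0.0.0", "255.0.0.0", "0.0.0.0", "lo"),
    ("0.0.0.0", "0.0.0.0", "1.1.1.1", "eth0"),
]
# Constructed stand-in for A.B.C.D (RFC 5737 documentation range).
BLOCKED_HOST = "203.0.113.45"


def null_route_for(host):
    """Entry created by: /sbin/route add -net A.B.C.0 netmask 255.255.255.0 lo"""
    net = ipaddress.ip_network(f"{host}/255.255.255.0", strict=False)
    return (str(net.network_address), "255.255.255.0", "0.0.0.0", "lo")


def lookup(routes, dst):
    """Longest-prefix match: (gateway, iface) used to send a packet to dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        # strict=False: the sanitized table in the question has host bits set.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def reply_path(routes, src):
    """Interface on which the server's reply to a packet from src would leave."""
    return lookup(routes, src)[1]


def diverted(routes, candidates):
    """Candidate source addresses whose replies are sent to lo and never leave."""
    return [ip for ip in candidates if reply_path(routes, ip) == "lo"]


if __name__ == "__main__":
    blocked = BASE_ROUTES + [null_route_for(BLOCKED_HOST)]
    for ip in (BLOCKED_HOST, "203.0.113.200", "203.0.114.1"):
        print(ip, "before:", reply_path(BASE_ROUTES, ip), "after:", reply_path(blocked, ip))
```
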
 
bryanlloydharris (Author) Commented:
Thanks!
0
