
blocking an ip address

Status
Not open for further replies.

stfaprc

Programmer
Feb 10, 2005
Is it more efficient to block an address with
iptables -drop
or
route add -reject ?
 
I like the firewall better. The latter method requires that you rewrite the command every time you restart your network. If you write it to rc.local, it would be the last thing done and it only gets read at bootup. I can see scenarios where your route command wouldn't get loaded.
 
Hi stfaprc,

There is also the option of hosts.deny and hosts.allow files.

An example in the file would be:
Code:
ALL : 220.248.
ALL : 60.12.

This would block/refuse connections from all IPs in the 220.248.x.x and 60.12.x.x IP blocks.

Or you can use:
Code:
ALL : ALL

Then use the hosts.allow file to only allow IP blocks you want in.

Good Luck
DrD
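As an added illustration of how tcpd/libwrap evaluates these two files (example code, not from the thread): hosts.allow is consulted first and a match grants access, then hosts.deny where a match refuses it, and a client matching neither is allowed. The file contents below are constructed from the lines quoted above; the `sshd` daemon name and the 192.0.2.10 management host are assumptions.

```python
"""Evaluate the TCP Wrappers (tcpd/libwrap) access decision for one client.
/etc/hosts.allow is consulted first and a match grants access, then
/etc/hosts.deny where a match refuses it; a client matching neither is allowed.
Added example: it reads in-memory file contents rather than /etc."""

# Constructed sample contents modelled on the lines quoted in the thread.
SAMPLE_ALLOW = """
# hosts.allow: sshd reachable from one assumed management host only
sshd : 192.0.2.10
"""
SAMPLE_DENY = """
ALL : 220.248.
ALL : 60.12.
sshd : ALL
"""

def _parse(text):
    """Yield (daemon_list, client_list) for each rule, skipping blanks and comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue          # malformed line; skipped here (tcpd itself logs a syntax error)
        yield fields[0].split(), fields[1].split()

def _client_matches(pattern, ip):
    """ALL, a trailing-dot prefix such as '220.248.' (matches 220.248.x.x), or an exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip

def _rule_matches(text, daemon, ip):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(_client_matches(c, ip) for c in clients)
        for daemons, clients in _parse(text)
    )

def access_allowed(daemon, ip, allow_text=SAMPLE_ALLOW, deny_text=SAMPLE_DENY):
    """True if tcpd would accept the connection, False if it would refuse it."""
    if _rule_matches(allow_text, daemon, ip):
        return True           # hosts.allow wins even when hosts.deny also matches
    if _rule_matches(deny_text, daemon, ip):
        return False
    return True               # nothing matched: tcpd's default is to allow
```

Note that the trailing dot matters: `220.248.` matches 220.248.1.1 but not 220.24.8.1, and an `ALL : ALL` line in hosts.deny only takes effect for services that are actually linked against libwrap or started through tcpd.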
 
Do changes to hosts.allow and hosts.deny take effect right away or are there services that need to be restarted?
 
As far as I have ever been able to tell they take effect right away.

On some distros you need to be careful about editing those files by hand - some systems have a security script that runs every hour and rewrites those files based on what's in the script. Any changes you make will be circumvented by that. I'm running shorewall on my system and I know that's one of them that seems to do it.

When I see something going on in a log that I don't like I use iptables to block it... iptables -A INPUT -s 44.55.66.123 -j DROP. As said by someone else - I do believe that's gone when the system is reloaded. In my case my system has been running for over a year without a reload so I don't have to mess with it very often.

 
I'm pretty sure you have to restart xinetd for the change to take effect:

/etc/init.d/xinetd restart

Norm

 
Hi stfaprc,

The changes to /etc/hosts, /etc/hosts.allow, /etc/hosts.deny or /etc/hosts.equiv... don't require a restart of any daemon or service.

Let us know if this solution works for you.

Good Luck
DrD
 
I put the IP address in hosts.deny for ALL.

Which log do I check to see if a block happened?
 