[NBLUG/talk] denying specific hosts via bastille-based firewall?

augie schwer at sonic.net
Mon Apr 21 13:00:04 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kyle Rankin wrote:
> On Mon, Apr 21, 2003 at 11:29:57AM -0700, Daniel Smith wrote:
>>What's a good way to drop certain IP addresses at
>>the firewall level, as opposed to bouncing them
>>from Apache?
> If your machine supports iptables, then the command would be:
> iptables -A INPUT -s 12.34.56.78 -j REJECT

note though that REJECT is different than DROP. from the iptables man page:

"REJECT
This is used to send back an error packet in response to the matched
packet: otherwise it is equivalent to DROP ..."

i use DROP as the default in my firewall rules because it limits the
likelihood of someone just stumbling across me. your needs are probably
different though.

augie.


- --
irc.nblug.org #nblug
registered linux user #229905
gpg public key: http://www.sonic.net/schwer/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE  2AC3 CB99 2784 27B0 C072

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+pE4ey5knhCewwHIRAn13AKCwUO8CQzYgXkmgwEUqFYUaihV68gCfXYAu
H7uQ6QT9TA4szmHscSgNc7U=
=fQxb
-----END PGP SIGNATURE-----
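
An added example, not part of the original message or of the commands quoted in it: a small POSIX shell helper that prints one blocking rule per source address, using either of the two targets discussed above. The function names are hypothetical and the sample addresses are constructed from documentation ranges; it uses `-I INPUT 1` instead of the quoted `-A` so the block is evaluated before any ACCEPT rule already in the chain.

```shell
#!/bin/sh
# Added example: print iptables rules that block a list of source addresses.
# Nothing is executed here; review the output, then pipe it to `sh` as root.

# valid_ipv4 ADDR -> exit status 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules ACTION ADDR... -> one rule per valid address on stdout
# ACTION is DROP (silent discard) or REJECT (an error packet is sent back).
block_rules() {
    action=$1; shift
    case "$action" in
        DROP|REJECT) ;;
        *) echo "action must be DROP or REJECT" >&2; return 2 ;;
    esac
    for addr in "$@"; do
        if ! valid_ipv4 "$addr"; then
            echo "skipping invalid address: $addr" >&2
            continue
        fi
        # -I INPUT 1 inserts at the top of the chain, so an earlier ACCEPT
        # rule (for example one for port 80) cannot match first; -A, as in
        # the quoted command, appends after whatever rules already exist.
        echo "iptables -I INPUT 1 -s $addr -j $action"
    done
    return 0
}

# Constructed sample addresses (RFC 5737 documentation ranges).
block_rules DROP 192.0.2.10 198.51.100.7
```

Check the result with `iptables -L INPUT -n --line-numbers` after applying the printed rules.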



