[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-user
Subject:    Re: [IPCop-user] So, how *do* you block IP's or IP networks...
From:       Jon Trulson <jon () radscan ! com>
Date:       2011-12-01 3:23:34
Message-ID: alpine.DEB.2.02.1111302016510.7062 () l5 ! radscan ! com
[Download RAW message or body]

On Mon, 28 Nov 2011, Jon Trulson wrote:

> On Mon, 28 Nov 2011, G.W. Haywood wrote:
>
>> Hi there,
>>
>
> Hello,
>
>> On Sun, 27 Nov 2011 Jon Trulson wrote:
>>
>>> ... blocking specific IP's or IP ranges that were 'troublesome'
>>> ... How do I accomplish this in v2?
>>
>> Here's a sort of 'roll your own' solution, the kind that I prefer.
>>
[...]
>
> I think I've managed to get a similiar result by creating a new
> 'banned' address group containing the IP's/networks to ban, a service
> group that encompasses all ports in UDP/TCP, and then using them
> together in a DENY rule attached to external IPCop access section in
> FW rules.
>

Yeah - no.  That didn't work at all :)

However, it was pretty simple to 'roll my own' as it were.  I just
wrote a small shell script that issued the appropriate iptables
commands for CUSTOMINPUT, CUSTOMFORWARD, and CUSTOMOUTPUT based on a
text file containing IP's and IP ranges (CIDR).

This works very well :)

-- 
Jon Trulson

"The truth points to itself."  -- Kosh

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-user
[prev in list] [next in list] [prev in thread] [next in thread]