[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: hosts.deny vs iptables



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 24 May 2006 14:27:20 -0400 Ed Kim <ed kim rhatbox com> wrote:

> CodeHeads wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > On Wed, 24 May 2006 10:34:23 -0500 Bruno Wolff III <bruno wolff to> wrote:
> > 
> >> On Wed, May 24, 2006 at 10:46:39 -0400,
> >>   CodeHeads <codeheads gmail com> wrote:
> >>> Ed,
> >>> Thank you, That what I was looking for to verify what I have learned so
> >>> far.
> >>>
> >>> Question on entering IP address in IPTables, say I want to add a range to
> >>> block the whole ip range of 10.0.0.0 (example of course)
> >>> Can I do this:
> >>> $iptables -A FORWARD -p tcp -s 10. -i eth0 -j DROP
> >>> OR
> >>> $iptables -A FORWARD -p tcp -s 10.* -i eth0 -j DROP
> >> Either
> >> $iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth0 -j DROP
> >> or
> >> $iptables -A FORWARD -p tcp -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP
> >> will work.
> > 
> > Thank you Bruno.  Just wanted to verify about the wild cards.
> > 
> > Sorry for all the questions, IP's confuse me a bit. :) LOL
> > Say if I have a range of 222.96.0.0 - 222.122.255.255
> > Is there a calculator that will tell me the netmask??
> > 
> > Will
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (GNU/Linux)
> > 
> > iD8DBQFEdIKLfw3TK8jhZrsRAg9PAKDKEOBc+B6hV98Yk14O7pt55+YlJwCg4f1o
> > 3HgXuIWAXRXipVlCR7AR4c0=
> > =zm19
> > -----END PGP SIGNATURE-----
> > 
> 
> Just a few things...
> you are appending to the FORWARD chain in the above example... I'm 
> guessing that this is correct and the webserver is NAT'd?  otherwise 
> you'd want to edit the INPUT chain.
> 
> I also use netmasks, but there is the capability to modify ranges as 
> follows..
> 
> iptables -A FORWARD -m iprange --src-range 222.96.0.0-222.122.255.255 -j 
> DROP
> (syntax may not be correct, see man iptables)


Thanks Kim, I will check that out. :)

Will
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEdKpHfw3TK8jhZrsRAi0nAJ9ZjWYcXv6eaSS9czAJ55LBVL/HOgCgjGmX
o19+0jbZRt9fNkZNu3WnTgg=
=3cvF
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]