hosts.deny vs iptables
CodeHeads
codeheads at gmail.com
Wed May 24 18:47:35 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 24 May 2006 14:27:20 -0400 Ed Kim <ed.kim at rhatbox.com> wrote:
> CodeHeads wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wed, 24 May 2006 10:34:23 -0500 Bruno Wolff III <bruno at wolff.to> wrote:
> >
> >> On Wed, May 24, 2006 at 10:46:39 -0400,
> >> CodeHeads <codeheads at gmail.com> wrote:
> >>> Ed,
> >>> Thank you, That what I was looking for to verify what I have learned so
> >>> far.
> >>>
> >>> Question on entering IP address in IPTables, say I want to add a range to
> >>> block the whole ip range of 10.0.0.0 (example of course)
> >>> Can I do this:
> >>> $iptables -A FORWARD -p tcp -s 10. -i eth0 -j DROP
> >>> OR
> >>> $iptables -A FORWARD -p tcp -s 10.* -i eth0 -j DROP
> >> Either
> >> $iptables -A FORWARD -p tcp -s 10.0.0.0/8 -i eth0 -j DROP
> >> or
> >> $iptables -A FORWARD -p tcp -s 10.0.0.0/255.0.0.0 -i eth0 -j DROP
> >> will work.
> >
> > Thank you Bruno. Just wanted to verify about the wild cards.
> >
> > Sorry for all the questions, IP's confuse me a bit. :) LOL
> > Say if I have a range of 222.96.0.0 - 222.122.255.255
> > Is there a calculator that will tell me the netmask??
> >
> > Will
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (GNU/Linux)
> >
> > iD8DBQFEdIKLfw3TK8jhZrsRAg9PAKDKEOBc+B6hV98Yk14O7pt55+YlJwCg4f1o
> > 3HgXuIWAXRXipVlCR7AR4c0=
> > =zm19
> > -----END PGP SIGNATURE-----
> >
>
> Just a few things...
> you are appending to the FORWARD chain in the above example... I'm
> guessing that this is correct and the webserver is NAT'd? otherwise
> you'd want to edit the INPUT chain.
>
> I also use netmasks, but there is the capability to modify ranges as
> follows..
>
> iptables -A FORWARD -m iprange --src-range 222.96.0.0-222.122.255.255 -j
> DROP
> (syntax may not be correct, see man iptables)
Thanks Kim, I will check that out. :)
Will
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEdKpHfw3TK8jhZrsRAi0nAJ9ZjWYcXv6eaSS9czAJ55LBVL/HOgCgjGmX
o19+0jbZRt9fNkZNu3WnTgg=
=3cvF
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list