[TriLUG] blocking one single host with ipchains
Nathan Conrad
conrad at bungled.net
Fri Sep 13 13:46:41 EDT 2002
WARNING: I only had 1 minute to write this response, and I've never
used ipchains.
That said, The 192.168.15.205/24 is an example of a CIDR network
address. The /24 means that the first 24 bits of the address to match
for the network address to match. Since the first 24 bits are the
192.168.15, the entire network was blocked. Try using /32 instead:
192.168.15.205/32
The IP address is 32 bits long. Each 'number' between the dots is 8
bits.
-Nathan
On Fri, Sep 13, 2002 at 01:31:16PM -0400, Greg Brown wrote:
> Using ipchains is there a way to block one specific host from an entire
> networok from communicating to the Internet? Here is my example showing the
> first two lines of ipchains which I thought worked (shown as if you were
> reading /etc/sysconfig/ipchains):
>
> -A forward -s 192.168.15.0/24 -d 0.0.0.0/000.0 -i eth0 -j MASQ
> -A input -s 192.168.15.205.205/24 -d 0.0.0.0/0.0.0.0 -j DENY
>
> NOTE: eth0 is the Internet connected interface, eht1 is the inside interface
>
> This ipchain appeared to work at first, but I later found that it was
> blocking ALL traffic from 192.168.15.x from entering the Linux box. I
> changed the input line to the following:
>
> -A input -s 192.168.15.205.205/24 -d 0.0.0.0/0.0.0.0 -i eth0 -j DENY
>
> I thought that putting the "-i eth0" in there might let everything in as far
> as the Linux box, but ipchains refused to work ('service ipchains restart'
> barfed for some reason).
>
> So I ended up disabling the whole chain by commenting out the entire line.
>
> Why did blocking 192.168.15.205/24 block the entire network? Any ideas? For
> reference sake how do you block one specific host with iptables?
>
> Thanks!
>
> Taking notes for a future how-to,
>
> Greg
>
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
--
Nathan J. Conrad (XXX)-687-7449 http://bungled.net
312 Moore Hall // UNC-C // Charlotte, NC 28223-0001
GPG: F4FC 7E25 9308 ECE1 735C 0798 CE86 DA45 9170 3112
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020913/aea142b9/attachment.pgp>
More information about the TriLUG
mailing list