#1
16th April 2007, 13:33
mccharlet
Blacklist on firewall

Hi,

My server is hacked by an IP address from Russia.

I want to create a blacklist on my firewall to block all services from this address
__________________
Thanks
Cédric

Sorry for my English

Hosting : http://www.jheberge.ch

#2
16th April 2007, 15:09
Hawker

To block all traffic from an IP address...

mkdir /etc/Bastille/firewall.d
cd /etc/Bastille/firewall.d
touch post-rule-setup.sh

Now edit post-rule-setup.sh with your favorite editor and put the following line in it...

/sbin/iptables -I INPUT -s ipaddress -j DROP

Save the file and restart Bastille with...

/etc/init.d/bastille-firewall restart

This works with Fedora Core 3; locations may be different for your system.

#3
16th April 2007, 15:45
alexillsley

Can't you just add it to hosts.deny?

#4
16th April 2007, 15:58
Hawker

Quote:
Originally Posted by alexillsley
Can't you just add it to hosts.deny?

He asked how to do it from the firewall.

The end result from the firewall is all packets are dropped on all ports with no response. The visiting IP just sits there wondering what happened to the packets that were sent.

Plus, I do believe that hosts.deny only works on services run with the tcp wrapper.

Last edited by Hawker; 16th April 2007 at 16:00.

#5
16th April 2007, 17:29
till

Another way to stop access from certain IP addresses is to use the route command:

/sbin/route add -host 123.123.123.123 reject

This should also work with all services. The dropped routes will be reset when you restart your server. This can be positive and negative. In case you shut yourself out from the server, it is good to know that a reboot may solve the problem when your server is hosted in a datacenter.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#6
21st April 2007, 14:59
alexillsley

Would this work with a hostname?
e.g.
Quote:
/sbin/route add -host test.com reject

#7
21st April 2007, 15:37
Hawker

Quote:
Originally Posted by alexillsley
Would this work with a hostname
e.g

No. Route only works with IP addresses.

Since this topic came up again, I prefer "DROP" over "REJECT" for the simple reason that if you are blocking an IP address they've had to have done, or tried to do something really bad to your system. I see no reason to be polite to them and tell them they've been rejected.

Last edited by Hawker; 21st April 2007 at 15:41.

#8
21st April 2007, 16:00
alexillsley

Thanks,
Does this work with a host name?
Quote:
/sbin/iptables -I INPUT -s ipaddress -j DROP

#9
21st April 2007, 16:06
Hawker

Again, no. iptables only works on IP addresses.
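
Added example, not code from any poster in this thread: a helper that reads a blocklist file and prints the `iptables -I INPUT -s ... -j DROP` lines discussed above, so they can be reviewed before being placed in post-rule-setup.sh. It accepts only literal IPv4 addresses and refuses to emit a rule for the address you administer from; the function names, the one-address-per-line file format and the admin-address argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the DROP rules for a blocklist file instead of running them.

# is_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address (never a hostname).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets; input is digits/dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_block_rules FILE ADMIN_IP (both names are this example's own).
# Skips comments, hostnames and ADMIN_IP, the address you administer from.
emit_block_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if ! is_ipv4 "$entry"; then
            echo "skipped, not an IPv4 address: $entry" >&2
        elif [ "$entry" = "$2" ]; then
            echo "skipped, admin address: $entry" >&2
        else
            echo "/sbin/iptables -I INPUT -s $entry -j DROP"
        fi
    done < "$1"
}

# Constructed sample blocklist (documentation-range addresses, not real offenders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# one address per line
192.0.2.10
test.com
198.51.100.7   # repeat offender
203.0.113.5
999.1.1.1
EOF
emit_block_rules "$sample" 203.0.113.5    # 203.0.113.5 stands in for the admin IP
rm -f "$sample"
```

Redirect standard output to a file to collect the rules; the skipped entries are reported on standard error.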

#10
21st April 2007, 16:09
alexillsley

----- expired ----

Last edited by alexillsley; 15th November 2010 at 12:44.