Re: [cobalt-users] locking out IP's

["H.P. Stroebel" <hpstr@xxxxxxxxxxxxx>]

Zeffie schrieb:

> /sbin/route add -host <ip-adress> reject
> from the man page
>        reject Modifier installs  a  blocking  route,  which  will
>               force  a route lookup to fail.  This is for example
>               used to mask out networks before using the  default
>               route.  This is NOT for firewalling.

Of course, it is not firewalling. Firewalling is much more
sophisticated, but more complicated, too.

It`s more a quick and dirty, but quite effective hack. The effect is
that all packets to this host are dropped. The server does not respond
anymore to the requesting host. It seems to be dead, a blackhole. This
affects all requests on all ports and on all assigned IP`s.

> which means I can write my name in the snow but I can't read it back or even
> know if I did it right...

I don`t understand ? You have doubts ?

You can try the effect, but be sure to be able to connect from another
IP to your server. If you have access over the internet, you should NOT
try it with your static ip.

To delete the used IP, use the same command but with "del" instead of
"add". You have to add "reject" as well (undocumented).

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

Apollo 13 - Commander : "Houston, we have a problem"
Win2000 - Administrator : "Redmond, we have 64000 problems"