Re: [cobalt-users] ipchains.......



On Sat, 12 Jan 2002, Mike Smith wrote:

> Need a quick solution.....we need to block all IPs and traffic to a server
> with the exception of one specific IP block. How can this be done?

It might be easier to just manipulate the routing tables...

Something like:

add the route to the specific ip range as the outbound route

 route add -net specificip netmask 255.255.255.0 dev eth0

[assuming /C, adjust netmask accordingly]
then delete the default route to the internet, leaving only the static
route

 route del default dev eth0

I'm assuming you have a gateway already defined for eth0 ;P

If you must use ipchains, you can do it something like this

ipchains -A input -i eth0 -s ! specificip/24 -j REJECT

! means everything except this address range...
If you use bash, you probably need \! btw (! is special to bash)

making assumptions you have ipchains support enabled etc here ;P

gsh
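
Added example, not part of the original post: a small shell helper that prints (without running) the route and ipchains commands shown above for any prefix length, covering the "adjust netmask accordingly" step. The function names are hypothetical and 192.0.2.0/24 is a constructed documentation range.

```shell
#!/bin/sh
# Added example: emits the commands for review; it does not change
# routes or firewall rules itself.

# prefix_to_netmask BITS -> dotted netmask, e.g. 20 -> 255.255.240.0
prefix_to_netmask() {
    bits=$1
    # Reject empty, non-numeric, zero-padded and out-of-range values.
    case "$bits" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255
            bits=$((bits - 8))
        else
            # Partial octet: the top $bits bits set, the rest clear.
            octet=$((256 - (1 << (8 - bits))))
            bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    printf '%s\n' "$mask"
}

# allow_only IFACE ADDRESS/PREFIX -> the routing and ipchains variants
allow_only() {
    iface=$1 net=${2%/*} bits=${2#*/}
    [ "$net" != "$2" ] || { echo "need ADDRESS/PREFIX" >&2; return 1; }
    mask=$(prefix_to_netmask "$bits") || { echo "bad prefix: $bits" >&2; return 1; }
    # Routing variant: static route to the permitted block only.
    printf 'route add -net %s netmask %s dev %s\n' "$net" "$mask" "$iface"
    # ipchains variant: reject every source outside the block. The "!" is
    # printed backslash-escaped, as the post suggests for bash.
    printf 'ipchains -A input -i %s -s \\! %s/%s -j REJECT\n' "$iface" "$net" "$bits"
}

# Constructed sample input.
allow_only eth0 192.0.2.0/24
```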