Red Hat Networking - How to block access to an Internet Address with iptables?

Author

How to block access to an Internet Address with iptables?

Richard Gutery

2004-06-28, 7:33 pm

G'day.

I am form the Microsoft and OpenBSD world and have recently begun
using RH7.3 for my firewall.

I need to block an Internet Address.

In OpenBSD I would use -> 'block out quick on ethx ...'

I have theses two rules in my iptables file:

$IPT -t filter -A INPUT -p tcp -s 0/0 -d 64.246.26.185 --dport 80 -m
limit --limit 2/minute -j $STOP
$IPT -t filter -A OUTPUT -p tcp -s 64.246.26.185 -d 0/0 --dport 80 -m
limit --limit 2/minute -j $STOP

$STOP and $IPT are macro substitutions that works for everything else,
so I know that's not the problem.

What am I missing or do I have to learn more?

tx in advance.

RG

fluffy

2004-06-29, 3:16 am

rgutery@mentorits.com (Richard Gutery) wrote in
news:627e5b72.0406281321.729a8fbf@posting.google.com:

> G'day.
>
> I am form the Microsoft and OpenBSD world and have recently begun
> using RH7.3 for my firewall.
>
> I need to block an Internet Address.
>
> In OpenBSD I would use -> 'block out quick on ethx ...'
>
> I have theses two rules in my iptables file:
>
> $IPT -t filter -A INPUT -p tcp -s 0/0 -d 64.246.26.185 --dport 80 -m
> limit --limit 2/minute -j $STOP
> $IPT -t filter -A OUTPUT -p tcp -s 64.246.26.185 -d 0/0 --dport 80 -m
> limit --limit 2/minute -j $STOP
>
> $STOP and $IPT are macro substitutions that works for everything else,
> so I know that's not the problem.
>
> What am I missing or do I have to learn more?
>
> tx in advance.
>
> RG
>

RG,

Give bastille a try. It's available on www.bastille-linux.org and it
does work wonders. Also, you get a good tutorial on Unix security while
you set it up.

HTH