APF Firewall blocking a range of IPs

Discussion in 'General Discussion' started by arrow02, Jan 17, 2004.

  1. arrow02

    I would like to block the I.Ps of a certain ISP.

    I am using APF Firewall.

    Can someone tell me how to block this list of I.Ps?

    Or possibly tell me where to find an example of how to block a range of I.Ps with APF.

    Thanks for the help,
     
  2. chirpy

    From http://www.rfxnetworks.com/apf/README

    For a whole ISP you need to establish their network blocks (from ARIN/APNIC/RIPE) and then list them in your /etc/apf/deny_hosts.rules. Usefully, the IP assignators tell you the CIDRs to use.
     
  3. arrow02

    Thanks chirpy,

    I somehow missed that.

    I believe this is the block of IPs I want to block:
    inetnum: 203.197.0.0 - 203.197.255.255

    Would you happen to know how I would list them in /etc/apf/deny_hosts.rules?

    Sorry this is somewhat new to me.

    Thanks again for your help
     
  4. chirpy

    If I've got it right, that would be an entire B class which would be:

    203.197.0.0/16

    Regards,
    Jonathan
     
  5. homeuser55

    chirpy,

    Do you know of a script that will check incoming IPs and determine if they are attacking, then auto block them if they are attacking and also send an email of the attacking IPs?
     
  6. arrow02

    APF Firewall Blocking

    Thank you again chirpy,

    I added the IP you gave me at the bottom of /etc/apf/deny_hosts.rules.

    Can you tell me if this is correct?

    Thanks a lot.



    ##
    # deny_hosts
    #
    # Trust based rule file to define addresses that are granted all or specific
    # access through the firewall.
    #
    # Format of this file is line-seperated addresses, IP masking is supported.
    # Example:
    # 24.202.16.11
    # 24.202.11.0/24
    #
    # advanced usage
    #
    # The trust rules can be made in advanced format with 4 options
    # (proto:flow:port:ip);
    # 1) protocol: [packet protocol tcp/udp]
    # 2) flow in/out: [packet direction, inbound or outbound]
    # 3) s/d=port: [packet source or destination port]
    # 4) s/d=ip(/xx) [packet source or destination address, masking supported]
    #
    # Flow assumed as Input if not defined. Protocol assumed as TCP if not defined.
    # When defining rules with protocol, flow is required.
    #
    # Syntax:
    # proto:flow:[s/d]=port:[s/d]=ip(/mask)
    # s - source , d - destination , flow - packet flow in/out
    #
    # Examples:
    # outbound to destination port 23 to destination 0.0.0.0 (any)
    # tcp:out:d=23:d=0.0.0.0
    #
    # inbound to destination port 80 from source 24.202.11.3
    # in:d=80:s=24.202.11.3
    #
    # inbound to destination port 27015 from 24.202.11.0/24
    # d=27015:s=24.202.11.0/24
    #
    ##
    203.197.0.0/16
     
  7. haze

    Check out the antidos feature in APF: rfxnetworks.com
     
  8. chirpy

    Your /etc/apf/deny_hosts.rules looks good to me :)
     
  9. arrow02

    APF Firewall Blocking

    I tried it earlier and when I restarted apf I got errors.
     
  10. arrow02

    APF Firewall Blocking

    I also tried in:d=80:s=203.197.0.0/16

    Does anyone know how to configure this blocking method for /etc/apf/deny_hosts.rules?

    I understand the reluctance to post for this, so if you do not want to post it here please PM me.

    I am just tired of playing cat-mouse with a hacker.
     
  11. I-Web

    Hi all, I need to block an ISP owning the following IP addresses

    64.113.96.0 - 64.113.127.255

    What would I need to enter into my deny hosts file to ensure they are blocked from everything on my servers?


    Thanks in advance
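
Added example, not part of the original thread and not APF's own code: a Python sketch that turns whois-style `inetnum` ranges like the ones quoted above into the CIDR lines the deny_hosts.rules header describes, including ranges that do not align to a single block. The function names `range_to_cidrs` and `deny_entries` and the 192.0.2.x sample range are assumptions made for this illustration.

```python
import ipaddress
import re

# Matches "inetnum: A - B" (whois output) or a bare "A - B" range.
RANGE_RE = re.compile(
    r"^(?:inetnum:\s*)?(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s*$"
)

def range_to_cidrs(line):
    """Return the minimal list of CIDR blocks covering one start-end range."""
    m = RANGE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an IPv4 range: {line!r}")
    first = ipaddress.IPv4Address(m.group(1))
    last = ipaddress.IPv4Address(m.group(2))
    if first > last:
        raise ValueError(f"range start is after range end: {line!r}")
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def deny_entries(ranges, existing_rules=""):
    """Build new deny_hosts.rules lines, skipping blocks already covered."""
    # Only simple entries (one address or CIDR per line) are considered;
    # comments and advanced proto:flow:port:ip rules are skipped.
    have = []
    for raw in existing_rules.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#") or ":" in entry or "=" in entry:
            continue
        have.append(ipaddress.ip_network(entry, strict=False))
    out = []
    for line in ranges:
        for cidr in range_to_cidrs(line):
            net = ipaddress.ip_network(cidr)
            if any(net.subnet_of(h) for h in have):
                continue  # an existing or earlier entry already covers it
            have.append(net)
            out.append(cidr)
    return out

if __name__ == "__main__":
    # The two ranges quoted in the thread, plus a constructed unaligned range
    # (192.0.2.x is documentation space) that needs more than one CIDR.
    sample = [
        "inetnum: 203.197.0.0 - 203.197.255.255",
        "64.113.96.0 - 64.113.127.255",
        "192.0.2.10 - 192.0.2.20",
    ]
    for entry in deny_entries(sample):
        print(entry)
```

Each printed line is a plain address/mask entry of the kind shown in the file header's `24.202.11.0/24` example.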
     