The Community Forums

iptables and blocking large subnets

Discussion in 'General Discussion' started by Website Rob, Aug 8, 2003.

  1. Website Rob

    Ok, quick question on using iptables to block an entire range, or mask of IPs.

    I have a Spammer trying to use un-allocated IPs from sbcglobal.net to send through my Domain name. Yes, they are blocked through the anti-relay setup, but I want to shut them down!

    Not being that familiar (yet) with iptables, reading the MAN page tells me this:

    "-s, --source [!] address[/mask]
    Source specification. Address can be either a hostname, a network name, or a plain
    IP address. The mask can be either a network mask or a plain number, specifying the
    number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent
    to 255.255.255.0. A "!" argument before the address specification inverts the sense
    of the address. The flag --src is a convenient alias for this option."

    Now, if I wanted to drop: 67.64.156.0 - 67.64.159.255, would I then use: !NET-67-64-156-0-1

    i.e., -I INPUT -s !NET-67-64-156-0-1 -j DROP

    Alternatively, I understand one can also create a: /etc/hosts.deny file. Not having created one before I'm not sure of the syntax to use or, if it would be applicable to this (denying eMail access) situation.


    Share your knowledge or experience and many will benefit from this thread -- myself included. :D

  2. ciphervendor

    You should use this instead:

    iptables -I INPUT -s 67.64.156.0/22 -j DROP
    iptables-save
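
An added example, not part of either post above: a way to derive the `-s address/mask` value from a start and end address instead of guessing it, and to check that a candidate mask does not match more than the intended range. The function names and the second, unaligned range are assumptions made up for illustration; the script only builds command strings and runs nothing.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return list(ipaddress.summarize_address_range(lo, hi))

def drop_rules(first, last, chain="INPUT"):
    """One iptables command string per block; nothing is executed here."""
    return [f"iptables -I {chain} -s {net} -j DROP"
            for net in range_to_cidrs(first, last)]

def both_mask_forms(net):
    """The two mask spellings the man page allows: /22 and /255.255.252.0."""
    return net.with_prefixlen, net.with_netmask

def overblocked(cidr, first, last):
    """Count addresses a candidate CIDR would match outside first..last."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False masks off host bits
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    n_lo, n_hi = int(net.network_address), int(net.broadcast_address)
    overlap = max(0, min(hi, n_hi) - max(lo, n_lo) + 1)
    return net.num_addresses - overlap

if __name__ == "__main__":
    first, last = "67.64.156.0", "67.64.159.255"  # range from the question
    for net in range_to_cidrs(first, last):
        print(both_mask_forms(net))
    print("\n".join(drop_rules(first, last)))
    # Constructed range that does not align to one block: needs two rules.
    print("\n".join(drop_rules("67.64.156.0", "67.64.160.255")))
    # A /21 guess would also match addresses outside the intended range.
    print(overblocked("67.64.156.0/21", first, last))
```

A range that is not aligned on a power-of-two boundary cannot be expressed with a single mask, which is why the second call returns two rules.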
