Blacklist on firewall

Discussion in 'Installation/Configuration' started by mccharlet, Apr 16, 2007.

  1. mccharlet

    mccharlet Member HowtoForge Supporter


    My server is hacked by ip addess from Russian.

    I want create un blacklist from my firewall for blocked all services from this address
  2. Hawker

    Hawker New Member

    To block all traffic from an IP address...

    mkdir /etc/Bastille/firewall.d
    cd /etc/Bastille/firewall.d

    Now edit with your favorite editor and put the following line in it...

    /sbin/iptables -I INPUT -s ipaddress -j DROP

    Save the file and restart Bastille with...

    /etc/init.d/bastille-firewall restart

    This works with Fedora core 3, locations may be different for your system.
  3. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    Cant you just add it to hosts.deny?
  4. Hawker

    Hawker New Member

    He asked how do do it from the firewall.

    The end result from the firewall is all packets are dropped on all ports with no response. The visiting IP just sits there wondering what happened to the packets that were sent.

    Plus, I do believe that hosts.deny only works on services run with the tcp wrapper.
    Last edited: Apr 16, 2007
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Another way to stop access from certail IP addresses is to use the rout command:

    /sbin/route add -host reject

    This should also work with all services. The dropped routes will be reset when you restart your server. This can be positive and negative. In case you shut out yourself from the server, it is good to know that a reboot may solve the probelm when your server is hosted in a datacenter :)
  6. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    Would this work with a hostname
  7. Hawker

    Hawker New Member

    No. Route only works with IP addresses.

    Since this topic came up again, I prefer "DROP" over "REJECT" for the simple reason that if you are blocking an IP address they've had to have done, or tried to do something really bad to your system. I see no reason to be polite to them and tell them they've been rejected.
    Last edited: Apr 21, 2007
  8. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    Does this work with a host name?
  9. Hawker

    Hawker New Member

    Again, no. iptables only works on IP addresses.
  10. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    ----- expired ----
    Last edited: Nov 15, 2010
  11. Hawker

    Hawker New Member

    Yes, it does work on CIDR ranges.

    I have to ask, are you trying to block emails with this? That's usually the only reason to block a address.
  12. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    No, i want to block a hacker, unfortunatley they have an dynamic ip, the only thing that doesnt change is there ISP:(
  13. Hawker

    Hawker New Member

    Ok, if someone is trying to hack into your system they are doing it on a specific port so follow my original instructions but change...

    /sbin/iptables -I INPUT -s ipaddress -j DROP


    /sbin/iptables -A INPUT -p tcp -s ipaddress --dport ## -j DROP

    ## is the port you want to block.
    ipaddress can be the full CIDR for the ISP ie:

    Either way works, but if you block the specific port you still allow valid traffic from that ISP. Unless of course it's the mail port.
  14. alexillsley

    alexillsley ISPConfig Developer ISPConfig Developer

    Hmm, it apears to be my router letting me down and not my server :( My router keeps breaking, i know the connection is fine becuase my modem works. Wishes router could ban ip. Thanks for your help anyway

Share This Page