correct way of blocking an IP using Bastille Firewall

Discussion in 'General' started by florix.net, Jan 25, 2011.

  1. florix.net

    florix.net Member

    How can I block an IP or range of IP addresses using Bastille Firewall?

    I am using ISPConfig 3 on CentOS 5.5

    Richard
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. mini14

    mini14 Member

    Hi Till,

    Using "man route" in CentOS shows
    Code:
    reject install a blocking route, which will force a route lookup to fail.  This is for example used to mask out networks
                  before using the default route.  This is NOT for firewalling.
    Why they say "not for firewalling" I'm not sure... but instead of that, I've been adding IPs to block to my pre-chain-split.sh file in the /etc/Bastille/firewall.d directory (ISPConfig 2) and it works great.

    For example to block a class C add the following:

    iptables -A INPUT -s 123.456.789.0/24 -j DROP

    and then restart Bastille: /etc/init.d/bastille-firewall restart

    Hope this helps!
     
    biforme likes this.
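
As an added example (not part of mini14's post or of Bastille itself): a POSIX shell helper that validates blocklist entries before turning them into the `iptables -A INPUT -s ... -j DROP` form shown above, so a mistyped or hostile line never lands in a script that runs as root. The function names and the sample list are assumptions made for this example; the valid addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rule lines; it never calls iptables.

# valid_ipv4_cidr ADDR[/PREFIX]: succeed only for four octets 0-255 and prefix 0-32.
valid_ipv4_cidr() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray characters or empty octets
        *.*.*.*.*) return 1 ;;               # more than four fields
        *.*.*.*) ;;                          # exactly four fields
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                             # split into octets; only digits and dots reach here
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules: read entries from stdin (one per line, '#' starts a comment) and
# print a DROP rule for each valid one; rejected lines are reported on stderr.
block_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_ipv4_cidr "$entry"; then
            printf 'iptables -A INPUT -s %s -j DROP\n' "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample list (documentation address ranges plus deliberately bad lines).
block_rules <<'EOF'
# constructed sample
192.0.2.15
198.51.100.0/24   # whole class C
123.456.789.0/24
203.0.113.7; reboot
10.0.0.0/33
EOF
```

Only the two valid entries are printed as rules. The printed lines can then be added to the pre-chain-split.sh file mentioned in the post, followed by the Bastille restart.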
  4. florix.net

    florix.net Member

    Hi,


    I do not see that file under ISPConfig 3... please let me know.

    If I add the rules using command line, and if server restarts, will those rules be applicable?

    Richard
     
  5. 8omas

    8omas Member HowtoForge Supporter

    If we want to use iptables, how can we add our own rules after the Bastille rules are applied?

    Is there any file where we can paste our 'after' rules?
    My solution so far is to use /etc/rc.local, but is it OK?

    I am using Debian 6, ISPConfig 3.0.3.2
     
