Haim Dimermanas wrote:
>
> > > and also, how do i block out everything coming from 203.167.117.0/24?
> >
> > ipchains -A input -i eth0 -s 203.167.117.0/24 -j DENY -l
> > ipchains -A output -i eth0 -d 203.167.117.0/24 -j DENY -l
>
> Pete,
>
> He says "coming from". Are you sure about the second line? Is it really
> necessary?
You are right that the second rule isn't 100% needed, but I feel paranoia is a Good Thing! :-)

I should have explained that the second rule reduces the possibility of spoofed packets and of communication back to the "blacklisted" IP block. I'm assuming that he did not want *any* traffic between his IP and the remote.

I also should have explained that the -l at the end will give him *more* of those log file entries that he originally asked about, as it will log every time a packet is denied.

In general, unless there is a unique problem with a particular IP block, this is a bad way to go about setting up a firewall. You'll spend your life trying to stamp out "bad" IP blocks, end up blocking legitimate users and always be a step behind the Bad Guys.

Thanks for helping me clarify that.

Pete
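The rule pair discussed above, wrapped in a small POSIX sh helper, as an added example that is not part of the thread or of either poster's words. It generates the inbound and outbound ipchains DENY rules (with -l so every dropped packet is logged) for a given block and interface, and it checks the CIDR first so that a typo such as a missing digit in the prefix length does not silently deny a huge part of the address space. The function names valid_cidr and block_rules, the APPLY variable and the default interface eth0 are assumptions made for this example; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates the two ipchains
# DENY rules for one IPv4 block after sanity-checking the CIDR. Function and
# variable names here are illustrative choices, not anything from the page.

# Return 0 if $1 looks like a.b.c.d/n with octets 0-255 and n between 8 and 32.
# Prefixes shorter than /8 are refused on purpose: a blacklist rule that wide
# is almost always a typo (e.g. /2 instead of /24) and would deny a large
# fraction of the Internet.
valid_cidr() {
    cidr=$1
    case "$cidr" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${cidr%/*}
    len=${cidr#*/}
    case "$len" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    # Split the address on dots and check that there are exactly four octets.
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        case "$oct" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# Print (or, with APPLY=1 in the environment, run) the input and output DENY
# rules for block $1 on interface $2 (default eth0). Both rules carry -l, so
# each denied packet in either direction produces a kernel log entry.
block_rules() {
    blk=$1
    dev=${2:-eth0}
    valid_cidr "$blk" || { echo "refusing to install rule for bad CIDR: $blk" >&2; return 1; }
    in_rule="ipchains -A input -i $dev -s $blk -j DENY -l"
    out_rule="ipchains -A output -i $dev -d $blk -j DENY -l"
    if [ "${APPLY:-0}" = 1 ]; then
        $in_rule && $out_rule
    else
        printf '%s\n%s\n' "$in_rule" "$out_rule"
    fi
}
```

Run it as `sh block.sh` after adding a call such as `block_rules 203.167.117.0/24 eth0` at the bottom; without APPLY=1 it only prints the two commands, which is the sensible default for a rule that, if mistyped, can lock you out of your own box.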