Derrick 'dman' Hudson <[EMAIL PROTECTED]> writes:

> On Fri, Jun 28, 2002 at 11:30:00AM -0400, Brian P. Flaherty wrote:
> | This works for me:
> |
> | ipchains -A input -s 12.27.41.66 -j DENY -l
>
> Does this send back a "connection refused" packet?  I forget what the
> target names are for ipchains, but with iptables you want to use
> "DROP" instead of "REJECT".

This drops it; no ICMP message is sent back.  From the manpage:

    ACCEPT means to let the packet through.  DENY means to drop the
    packet on the floor.  REJECT means the same as drop, but is more
    polite and easier to debug, since an ICMP message is sent back to
    the sender indicating that the packet was dropped.  (Note that
    DENY and REJECT are the same for ICMP packets.)

> Here's a script for iptables that reads a blocklist of ip addresses
> from a set of files and DROPs all packets from them.

[ the rest deleted ]

That is really great.  I have a file that simply contains line after
line of 'ipchains -A... ' for each address to be blocked.  At least I
created the file in Emacs and didn't type most of it!  It is much more
elegant to have a file of blocked IPs.  (And for some reason, I am
usually not just happy with 'works', I prefer elegance.)  And then
scripts to pull new blocked IPs to add to the list.  Wonderful!

Have a great day.

Brian Flaherty
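An added example, not part of the original thread and not the iptables script trimmed from the quote above: one way to turn a file of blocked addresses into the `ipchains ... -j DENY -l` rules discussed here. The blocklist format (one IPv4 host address per line, `#` for comments), the function names and the sample entries are assumptions; entries are validated strictly because a list pulled from elsewhere is untrusted input that ends up on a firewall command line.

```shell
#!/bin/sh
# emit_deny_rules [FILE...]: read blocklist files (or stdin) and print one
# ipchains rule per valid, unique address. Rules are printed, not executed,
# so the output can be reviewed before it is piped to sh.
emit_deny_rules() {
    awk '
    function valid_ipv4(a,    n, o, i) {
        n = split(a, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++) {
            # digits only, no leading zeros (avoids octal parsing), max 255
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
        }
        return 1
    }
    {
        sub(/#.*/, "")                  # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim surrounding whitespace
        if ($0 == "") next
        if (!valid_ipv4($0)) {          # rejects CIDR, options, garbage
            printf "skipping invalid entry: %s\n", $0 > "/dev/stderr"
            next
        }
        if (seen[$0]++) next            # one rule per address
        # DENY drops silently (no ICMP reply); -l logs the matching packet.
        printf "ipchains -A input -s %s -j DENY -l\n", $0
    }' "$@"
}

# Constructed sample blocklist: a duplicate, an out-of-range octet and an
# entry that tries to smuggle extra options into the rule.
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
12.27.41.66
192.0.2.10   # documentation address
12.27.41.66
300.1.1.1
192.0.2.20 -j ACCEPT
EOF
}

sample_blocklist | emit_deny_rules
```

Swapping `DENY` for `REJECT` in the `printf` line gives the variant that sends the ICMP message back, as the manpage excerpt describes.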