[Shorewall-users] dropping an entire subnet

John Andersen jsa at norcomix.dyndns.org
Sun Sep 7 14:41:47 PDT 2003


On Sunday 07 September 2003 11:13 am, Nick Sklavenitis wrote:
> Hey guys, how would I use the blacklist to drop all connections from the
> following network.
>
> cpe-66-8-169-249.hawaii.rr.com/66.8.169.249
>
> This is one of hundreds of IPs that are similar, currently killing my
> network with blaster attacks.

Add blacklist to your external interface (interfaces file).
Add the IP to the blacklist file.
You can ban the IP totally, or just for certain protocols.
Read the comments in the blacklist file.
Then do shorewall restart.
Or it might be in the FAQ.

But why do you think you need this at all
if you are behind a shorewall firewall?

Why would you have any ports open to the
net that blaster could use?

-- 
John Andersen - NORCOM
http://www.norcomsoftware.com/
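
The steps in the reply above, as an added example that is not part of the original message or of Shorewall itself. The function names are hypothetical, and the file layouts are assumptions: an `interfaces` file with columns ZONE INTERFACE BROADCAST OPTIONS and a `blacklist` file with one `ADDRESS/SUBNET [PROTOCOL PORT]` entry per line. The helper refuses to add an entry unless some interface carries the `blacklist` option, since entries are otherwise never applied.

```shell
#!/bin/sh
# Added example (not Shorewall code). DIR is the configuration directory,
# e.g. /etc/shorewall; the column layouts below are assumptions.

# has_blacklist_option DIR: succeed if any non-comment line in DIR/interfaces
# lists "blacklist" among its comma-separated options (4th column).
has_blacklist_option() {
    awk '$1 !~ /^#/ && NF >= 4 {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "blacklist") found = 1
         }
         END { exit !found }' "$1/interfaces"
}

# blacklist_add DIR ADDRESS [PROTO PORT]: append one entry to DIR/blacklist.
# ADDRESS is a single host (66.8.169.249) or a subnet in CIDR form
# (66.8.169.0/24). With PROTO and PORT the ban covers only that service.
blacklist_add() {
    dir=$1 addr=$2 proto=${3:-} port=${4:-}
    # Accept only a dotted quad with an optional /0-32 prefix length.
    echo "$addr" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || {
        echo "bad address: $addr" >&2; return 2; }
    has_blacklist_option "$dir" || {
        echo "no interface in $dir/interfaces has the blacklist option" >&2
        return 3; }
    entry=$addr
    [ -n "$proto" ] && entry="$entry $proto $port"
    # Skip exact duplicates so repeated runs do not grow the file.
    grep -Fxq "$entry" "$dir/blacklist" 2>/dev/null && return 0
    echo "$entry" >> "$dir/blacklist"
}
```

After adding entries, `shorewall restart` applies them, as the reply says.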

