[svlug] Removing an entire subnet with iptables?

David E. Fox dfox at m206-157.dsl.tsoft.com
Sun Nov 9 10:21:02 PST 2003

Previous message: [svlug] Removing an entire subnet with iptables?
Next message: [svlug] Removing an entire subnet with iptables?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> On Sat, 2003-11-08 at 23:00, dfox wrote:

[snip]

> > OK so I am a newbie at iptables and filtering :).
> 
> > # iptables -A INPUT -p tcp -s 61.187.156/32 -j DROP
> > 
> > But that drops 61.187.0.156, not what I want.

David wrote:

> What you probably want is:
> iptables -A INPUT -p tcp -s 61.187.156.0/24 -j DROP
> 
> (BTW, I'm not an iptables guru, but I do know networking.)

That seems reasonable, and thank you for that concise explanation
of what /24 means etc. I get confused sometimes. 

Anyhow, that doesn't work, but we may be on the right track: iptables
says that 61.187.156.0 has host not found. I tried pinging some of the
subnets - they just hang (like 61.187.156.224), but others, such as
xxx.xxx.xxx.253 or xxx.xxx.xxx.241 garner a response. Could these be
dynamic IPs? I also tried pinging some of the IP addresses that had
multiple reports in access_log, and some of them just hang and don't
give a response. I don't think they've been blocked yet by portsentry.

Traceroute just shows numeric IPs once the route gets past wcg.net:

[root at m206-157 root]# traceroute 61.187.156.253
traceroute to 61.187.156.253 (61.187.156.253), 30 hops max, 38 byte packets
 1  gw206 (198.144.206.1)  11.044 ms  11.523 ms  11.416 ms
 2  gw1.rawbw.net (198.144.192.33)  11.658 ms  11.594 ms  11.452 ms
 3  f2-3-1-border1.sfo.wworks.net (69.1.65.33)  11.780 ms  10.500 ms  10.819 ms
 4  border1-fiberinternet-g4-3-0.pao1.wworks.net (69.1.65.74)  11.003 ms  12.348 ms  11.462 ms
 5  sntcca2lch2-gige8-8.wcg.net (64.200.150.141)  11.744 ms  11.607 ms  11.006 ms
 6  202.0.170.65 (202.0.170.65)  12.025 ms  18.233 ms  11.238 ms
 7  202.97.51.5 (202.97.51.5)  164.083 ms  151.055 ms  145.312 ms
 8  202.97.33.93 (202.97.33.93)  138.144 ms  140.847 ms  135.185 ms
 9  202.97.36.34 (202.97.36.34)  142.569 ms  140.048 ms  138.155 ms
10  202.97.35.18 (202.97.35.18)  156.329 ms  163.228 ms  157.786 ms
11  202.97.42.70 (202.97.42.70)  166.821 ms  178.755 ms  168.909 ms
12  61.187.255.73 (61.187.255.73)  167.679 ms  180.134 ms  170.689 ms
13  61.187.255.190 (61.187.255.190)  173.155 ms  179.154 ms  171.110 ms
14  61.187.171.241 (61.187.171.241)  162.259 ms  171.334 ms  162.025 ms
15  * * *
16  61.187.156.253 (61.187.156.253)  168.891 ms  166.834 ms  169.423 ms
[root at m206-157 root]# iptables -A INPUT -p tcp -s 61.187.156,0/24 -j DROP
iptables v1.2.8: host/network `61.187.156,0' not found
Try `iptables -h' or 'iptables --help' for more information.

 
> David Masten <dmasten at piratelabs.org>
------------------------------------------------------------------------
David E. Fox                              Thanks for letting me
dfox at tsoft.com                            change magnetic patterns
dfox at m206-157.dsl.tsoft.com               on your hard disk.
-----------------------------------------------------------------------

Previous message: [svlug] Removing an entire subnet with iptables?
Next message: [svlug] Removing an entire subnet with iptables?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list