270 lines
4.2 KiB
HTML
270 lines
4.2 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Deny access to some address</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
|
|
REL="HOME"
|
|
TITLE="Securing and Optimizing Linux"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Networking Firewall -Masquerading and Forwarding"
|
|
HREF="Masq-forward.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Configure script for Example Gateway Server"
|
|
HREF="chap12sec106.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="IPCHAINS Administrative Tools"
|
|
HREF="chap12sec108.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="chap12sec106.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 12. Networking Firewall -Masquerading and Forwarding</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="chap12sec108.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="AEN6886"
|
|
>12.4. Deny access to some address</A
|
|
></H1
|
|
><P
|
|
> Sometimes you'll know an address that you would like to block from having any access at all to your server. You can do that by creating
|
|
the <TT
|
|
CLASS="filename"
|
|
>rc.firewall.blocked</TT
|
|
> file under <TT
|
|
CLASS="filename"
|
|
>/etc/rc.d/</TT
|
|
> directory and uncomment the following
|
|
lines in your firewall rules scripts file:
|
|
</P
|
|
><P
|
|
> Edit your firewall scripts file <B
|
|
CLASS="command"
|
|
>vi</B
|
|
> <TT
|
|
CLASS="filename"
|
|
>/etc/rc.d/init.d/firewall</TT
|
|
> and uncomment the following lines:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> if [ -f /etc/rc.d/rc.firewall.blocked ]; then
|
|
. /etc/rc.d/rc.firewall.blocked
|
|
fi
|
|
|
|
</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
><P
|
|
> Create the rc.firewall.blocked file <B
|
|
CLASS="command"
|
|
>touch</B
|
|
> /etc/rc.d/rc.firewall.blocked and add inside this file all the <SPAN
|
|
CLASS="acronym"
|
|
>IP</SPAN
|
|
> addresses that you want to block from having any access to your
|
|
server at all:
|
|
For example, I put the following IP addresses in this file:
|
|
</P
|
|
><DIV
|
|
CLASS="example"
|
|
><A
|
|
NAME="AEN6898"
|
|
></A
|
|
><P
|
|
><B
|
|
>Example 12-1. <TT
|
|
CLASS="filename"
|
|
>rc.firewall.blocked</TT
|
|
></B
|
|
></P
|
|
><P
|
|
>
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="programlisting"
|
|
> 204.254.45.9
|
|
187.231.11.5
|
|
</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
></DIV
|
|
><P
|
|
> Further documentation, more details, there are several man pages you can read:
|
|
<P
|
|
></P
|
|
><UL
|
|
><LI
|
|
STYLE="list-style-type: open circle"
|
|
><P
|
|
> <SPAN
|
|
CLASS="citerefentry"
|
|
><SPAN
|
|
CLASS="refentrytitle"
|
|
>ipchains</SPAN
|
|
>(8)</SPAN
|
|
> - <SPAN
|
|
CLASS="acronym"
|
|
>IP</SPAN
|
|
> firewall administration
|
|
</P
|
|
></LI
|
|
><LI
|
|
STYLE="list-style-type: open circle"
|
|
><P
|
|
> <SPAN
|
|
CLASS="citerefentry"
|
|
><SPAN
|
|
CLASS="refentrytitle"
|
|
>ipchains-restore</SPAN
|
|
>(8)</SPAN
|
|
> - restore <SPAN
|
|
CLASS="acronym"
|
|
>IP</SPAN
|
|
> firewall chains from stdin
|
|
</P
|
|
></LI
|
|
><LI
|
|
STYLE="list-style-type: open circle"
|
|
><P
|
|
> <SPAN
|
|
CLASS="citerefentry"
|
|
><SPAN
|
|
CLASS="refentrytitle"
|
|
>ipchains-save</SPAN
|
|
>(8)</SPAN
|
|
> - save <SPAN
|
|
CLASS="acronym"
|
|
>IP</SPAN
|
|
> firewall chains to stdout
|
|
</P
|
|
></LI
|
|
></UL
|
|
>
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="chap12sec106.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="chap12sec108.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Configure script for Example Gateway Server</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="Masq-forward.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><TT
|
|
CLASS="literal"
|
|
>IPCHAINS</TT
|
|
> Administrative Tools</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |