  1. #1
    Just Joined!
    Join Date
    Jun 2007
    Posts
    2

    Firewall help


    Hey everyone, I am in need of a little assistance. I know the basic workings of iptables, but I am having trouble, and always have had trouble, with the subnetting part. I run a shoutcast server on port 8000 on an internal machine and am able to pass through from the outside world to that machine. Now there have been quite a few people trying to find open proxies and trying to hack my server with a script for a bug in 1.9.4; luckily I have the latest version of Shoutcast, 1.9.8, running. Anyways, I want to ban these people's subnets as it's just a pain seeing the same request from the same groups of IPs.

    The ranges of IPs I want to ban are
    61.143.0.0 - 61.143.255.255
    219.131.0.0 - 219.131.255.255
    59.33.0.0 - 59.33.255.255
    59.39.0.0 - 59.39.255.255
    85.176.0.0 - 85.176.255.255
    85.214.0.0 - 85.176.255.255

    Funny enough the first four are from China and are all the ones searching for the proxy connection while the last two are from Germany and are the script kiddies. Anyways any help with this would be appreciated.

    Matt

  2. #2
    Just Joined! bzyk
    Join Date
    Jun 2007
    Posts
    1
    You can do it by typing:
    iptables -I INPUT -s 61.143.0.0/16 -j DROP
    on the shoutcast machine, or
    iptables -I FORWARD -s 61.143.0.0/16 -j DROP
    on the router.
    Of course these are the simplest rules, and you can use the REJECT or -A options....
    And any networks you wrote in your post are /16 netmask.

  3. #3
    Just Joined!
    Join Date
    Jun 2007
    Posts
    2

    Firewall Rules

    Quote: Originally Posted by bzyk
    You can do it by typing:
    iptables -I INPUT -s 61.143.0.0/16 -j DROP
    on the shoutcast machine, or
    iptables -I FORWARD -s 61.143.0.0/16 -j DROP
    on the router.
    Of course these are the simplest rules, and you can use the REJECT or -A options....
    And any networks you wrote in your post are /16 netmask.

    Thanks for the reply.. I originally tried that but I wasn't sure that it was correct and just wanted to make sure. I did the /16 subnet for all of those IPs and when I do an iptables -L it shows the following rules.. let me know, if you can, if this is correct.

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP all -- 85.214.0.0/16 anywhere
    DROP all -- e176000000.adsl.alicedsl.de/16 anywhere
    DROP all -- 0.0.39.59.broad.fs.gd.dynamic.163data.com.cn/16 anywhere
    DROP all -- 0.0.33.59.broad.zs.gd.dynamic.163data.com.cn/16 anywhere
    DROP all -- 0.0.131.219.broad.hz.gd.dynamic.163data.com.cn/16 anywhere
    DROP all -- 61.143.0.0/16 anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Thanks again,
    Matt
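
The range-to-subnet step discussed in this thread, as an added example that is not part of any post: a shell sketch that turns "start - end" ranges into CIDR blocks and prints the matching `iptables -I <chain> -s <cidr> -j DROP` commands for review. It goes beyond the /16 case by also splitting unaligned ranges, and a range whose end lies below its start (like the last one listed in the first post) is reported on stderr instead of converted; the function names are this example's own.

```shell
# Prints iptables commands for review; it does not run iptables.
ip_to_int() {                        # dotted quad -> 32-bit integer
    local IFS=. o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do                # digits only, no leading zeros, 0..255
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() { echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"; }

range_to_cidrs() {                   # start end -> minimal list of CIDR blocks
    local lo hi size prefix
    lo=$(ip_to_int "$1") && hi=$(ip_to_int "$2") ||
        { echo "bad address: $1 - $2" >&2; return 1; }
    [ "$lo" -le "$hi" ] ||
        { echo "inverted range (start > end): $1 - $2" >&2; return 1; }
    while [ "$lo" -le "$hi" ]; do
        size=1; prefix=32
        # Double the block while it stays aligned on lo and inside the range.
        while [ "$prefix" -gt 0 ] && [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 )); prefix=$(( prefix - 1 ))
        done
        echo "$(int_to_ip "$lo")/$prefix"
        lo=$(( lo + size ))
    done
}
emit_drop_rules() {                  # stdin: "start - end" lines; $1: chain name
    local chain=${1:-INPUT} start dash end cidr cidrs rc=0
    while read -r start dash end; do
        [ -n "$start" ] || continue
        cidrs=$(range_to_cidrs "$start" "$end") || { rc=1; continue; }
        for cidr in $cidrs; do echo "iptables -I $chain -s $cidr -j DROP"; done
    done
    return $rc
}
sample_ranges() {                    # ranges as listed in the first post
    cat <<'EOF'
61.143.0.0 - 61.143.255.255
219.131.0.0 - 219.131.255.255
59.33.0.0 - 59.33.255.255
59.39.0.0 - 59.39.255.255
85.176.0.0 - 85.176.255.255
85.214.0.0 - 85.176.255.255
EOF
}
sample_ranges | emit_drop_rules INPUT || echo "note: at least one range was skipped" >&2
```

Once rules are loaded, `iptables -L -n` lists the sources numerically (for example `85.176.0.0/16`); without `-n`, iptables shows the reverse-DNS name of the network address, which is why hostnames appear in the listing above.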
