[ale] Blocking access to a subnet

I get an invalid argument from iptables when I try that.  Here is how I
did it

[tomcat at sam-service tomcat]$ for i in 5 6 7 8 9 10 11 12 13 15 16 17 18 19 20
> do
> sudo /sbin/iptables -A OUTPUT -p tcp -s -d 10.0.${i}.0/24  -j REJECT --reject-with tcp-reset
> done
[tomcat at sam-service tomcat]$ telnet 80
telnet: connect to address Connection refused
[tomcat at sam-service tomcat]$ telnet 80
Connected to
Escape character is '^]'.
telnet> quit

The logic behind that rule states that if the ppp interface is down then
the kernel will try and route packets out of eth0 to the default
gateway.  Eth0's address is  So if the source is then the ppp interface obviously is not up.  The test
after I applied the rules showed that it worked great.  The only
downside is that I had to know what the eth0 address is.  This means
that on a server with DHCP if I use this rule I need to get that address
before applying this rule.
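An added example, not the poster's or JK's own commands: it generates the same REJECT rules but matches on the outgoing interface (-o eth0, as JK suggested) instead of a hard-coded -s address, so the rule set stays valid when eth0 gets its address from DHCP. The interface name, the iptables path and the subnet list are assumptions standing in for the real values.

```shell
#!/bin/sh
# Added example (not from the thread): build OUTPUT rules that reject
# locally generated TCP traffic to the 10.0.X.0/24 subnets whenever the
# kernel would send it out eth0 (i.e. the ppp tunnel is down) rather
# than through the tunnel. Matching on -o eth0 means the eth0 address
# never has to be looked up before the rules are applied.
# Assumptions: iptables lives in /sbin; "eth0" and the octet list are
# placeholders for the poster's real interface and subnets.

IPT=${IPT:-/sbin/iptables}

# reject_rules IFACE OCTET... : print one rule per 10.0.<OCTET>.0/24 subnet
reject_rules() {
    iface=$1
    shift
    for i in "$@"; do
        printf '%s -A OUTPUT -o %s -p tcp -d 10.0.%s.0/24 -j REJECT --reject-with tcp-reset\n' \
            "$IPT" "$iface" "$i"
    done
}

# iface_addr IFACE : first IPv4 address on IFACE, which is what the
# original rule had to hard-code as -s; prints nothing if none is set
iface_addr() {
    ip -4 -o addr show dev "$1" 2>/dev/null | awk '{split($4, a, "/"); print a[1]; exit}'
}

# count_rules IFACE OCTET... : number of rules reject_rules would emit
count_rules() {
    reject_rules "$@" | wc -l | tr -d ' '
}

# Usage: review the output, then pipe it to a root shell to apply it:
#   reject_rules eth0 5 6 7 8 9 10 11 12 13 15 16 17 18 19 20 | sudo sh
```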

On Mon, 2007-04-09 at 17:02 -0600, JK wrote:
> Christopher Fowler wrote:
> [snip]
> > Is there a way I can say
> > on the server that any packet destined for going out of eth0
> > to be rejected automatically?  These packets would be generated
> > internally.
>    iptables -I OUTPUT -o eth0 -d -j REJECT
> perhaps?
> -- JK
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale