[luau] MonMotha Firewall rules help
beesond001 at hawaii.rr.com
Tue Apr 9 13:42:50 PDT 2002
Aloha all,
I tried to go to the LyX web site today, but my firewall won't let me
get there. I was wondering if anyone could help. Here are the
particulars...
I am running MonMotha's Firewall version 2.3.8-pre4 on a RH Linux ver 7.2
machine.
My BLACKHOLE list contains some families of IP addresses that represent
"offenders" that I got tired of seeing in my log files... This list of
BLACKHOLED addresses for my firewall is:
BLACKHOLE="217.96.0.0/14 217.97.33.0/8 211.0.0.0/24 213.141.164.0/8
213.29.216.0/8 213.96.0.0/18 213.69.98.0/8 210.0.0.0/24 203.0.0.0/24
202.0.0.0/24 200.128.0.0/23 200.68.128.0/15 195.151.179.0/8
193.251.0.0/18 193.206.80.0/12 150.244.0.0/16 146.59.0.0/16
61.131.0.0/16"
The site I am trying to get to is: http://www.lyx.org and the host
command returns the following:
[ben at hawaii ben]$ host www.lyx.org
www.lyx.org. is an alias for baywatch.lyx.org.
baywatch.lyx.org. has address 213.203.58.29
[ben at hawaii ben]$
My initial guess is that I should be OK with my netmasks on the 213.X.X.X
addresses in the blackhole list because 213.203.X.X should not be
blocked, but when I ask the iptables command what part of 213.X.X.X is
really blocked I get something that makes me think otherwise.
[root at router root]# /sbin/iptables -L | egrep 'Chain|213'
Chain INPUT (policy DROP)
DROP all -- 213-0-0-0.uc.nombres.ttd.es/8 anywhere
DROP all -- 213-0-0-0.uc.nombres.ttd.es/8 anywhere
DROP all -- 213-96-0-0.uc.nombres.ttd.es/18 anywhere
DROP all -- 213-0-0-0.uc.nombres.ttd.es/8 anywhere
Chain FORWARD (policy DROP)
DROP all -- 213-0-0-0.uc.nombres.ttd.es/8 anywhere
DROP all -- anywhere 213-0-0-0.uc.nombres.ttd.es/8
DROP all -- 213-0-0-0.uc.nombres.ttd.es/8 anywhere
DROP all -- anywhere 213-0-0-0.uc.nombres.ttd.es/8
DROP all -- 213-96-0-0.uc.nombres.ttd.es/18 anywhere
DROP all -- anywhere 213-96-0-0.uc.nombres.ttd.es/18
DROP all -- 213-0-0-0.uc.nombres.ttd.es/8 anywhere
DROP all -- anywhere 213-0-0-0.uc.nombres.ttd.es/8
Chain OUTPUT (policy ACCEPT)
DROP all -- anywhere 213-0-0-0.uc.nombres.ttd.es/8
DROP all -- anywhere 213-0-0-0.uc.nombres.ttd.es/8
DROP all -- anywhere 213-96-0-0.uc.nombres.ttd.es/18
DROP all -- anywhere 213-0-0-0.uc.nombres.ttd.es/8
[root at router root]#
This almost makes me want to think that for this case, the netmask works
left to right instead of right to left. By this I mean that in spite of
my intentions to netmask only a small portion of the 213.X.X.X family of
addresses it appears that I may have blackholed the entire family of 213
addresses.
Can anybody verify if this is correct? If so, what would be the best
way to slice out only a small portion of addresses that I want to
blackhole?
Thanks in advance,
Ben