[TriLUG] blocking one single host with ipchains
Fri, 13 Sep 2002 13:31:16 -0400
Using ipchains is there a way to block one specific host from an entire
networok from communicating to the Internet? Here is my example showing the
first two lines of ipchains which I thought worked (shown as if you were
-A forward -s 192.168.15.0/24 -d 0.0.0.0/000.0 -i eth0 -j MASQ
-A input -s 192.168.15.205.205/24 -d 0.0.0.0/0.0.0.0 -j DENY
NOTE: eth0 is the Internet connected interface, eht1 is the inside interface
This ipchain appeared to work at first, but I later found that it was
blocking ALL traffic from 192.168.15.x from entering the Linux box. I
changed the input line to the following:
-A input -s 192.168.15.205.205/24 -d 0.0.0.0/0.0.0.0 -i eth0 -j DENY
I thought that putting the "-i eth0" in there might let everything in as far
as the Linux box, but ipchains refused to work ('service ipchains restart'
barfed for some reason).
So I ended up disabling the whole chain by commenting out the entire line.
Why did blocking 192.168.15.205/24 block the entire network? Any ideas? For
reference sake how do you block one specific host with iptables?
Taking notes for a future how-to,