
paranoid iptables: block that IP range for good.

as long as your iptables rules are saved regularly, this command is pretty useful for those IPs that just seem to linger and never go away. i have this problem with IPs in korea.

as such, i've implemented the following "paranoid" iptables rule which i consider pretty helpful to keep them out for good:

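# iptables -t raw -I PREROUTING 1 -s 222.122.0.0/16 -j DROP

simply put, this bans the entire 222.122.x.x subnet in the raw table's PREROUTING chain, so its packets are dropped before connection tracking and routing, whether they are addressed to this host or forwarded through it. the rule belongs in raw rather than nat: the nat table is only consulted for the first packet of a connection, and current iptables releases refuse a DROP target there.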
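
an added example (not part of the original post): a small sh helper that applies a range block only once and then saves the ruleset, which is the "saved regularly" step mentioned above. it inserts into the raw table's PREROUTING chain, where current iptables releases accept DROP; the binary names and the RULES_FILE path are assumptions to adjust for your distro.

```sh
#!/bin/sh
# Added example (not from the original post). IPTABLES, IPTABLES_SAVE and
# RULES_FILE are assumptions: point RULES_FILE at the file your distro
# restores rules from at boot.
IPTABLES=${IPTABLES:-iptables}
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
RULES_FILE=${RULES_FILE:-/etc/iptables/rules.v4}

# valid_cidr CIDR: succeed only for dotted-quad/prefix, octets <= 255, prefix <= 32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    # digits and dots only, no leading, trailing or doubled dots
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# block_range CIDR: insert the DROP rule once, then persist the ruleset.
# Returns 2 for a malformed range, 1 if iptables or the save step fails.
block_range() {
    valid_cidr "$1" || { echo "bad CIDR: $1" >&2; return 2; }
    # -C exits 0 when an identical rule already exists, so reruns add nothing.
    if ! "$IPTABLES" -t raw -C PREROUTING -s "$1" -j DROP 2>/dev/null; then
        "$IPTABLES" -t raw -I PREROUTING 1 -s "$1" -j DROP || return 1
    fi
    # Save to a temp file first so a failed save never truncates RULES_FILE.
    tmp="$RULES_FILE.tmp.$$"
    "$IPTABLES_SAVE" > "$tmp" && mv "$tmp" "$RULES_FILE" || { rm -f "$tmp"; return 1; }
}

# usage (as root): . ./block_range.sh && block_range 222.122.0.0/16
```
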
