Monday, November 10, 2008

Poor man's firewall ( debian )

This will work on must linux based systems I imagine. It is blocking an IP, by routing all responses through So instead of sending the response packets it just eats them. This is done by adding a static route which directs the traffic no where.

route add -host netmask lo

Ok so in this example, replace with the offending IP. You can do the same thing with FreeBSD but it's a little different and IMHO makes more sense. I will post that solution later.

This is a quick and dirty solution...never use this as a permanent firewall.

1 comment:

Eduard said...

Thank you so much for your brilliant article.
I just wrote a tutorial on how to set up Arno IPTABLES firewall.
May be it may help someone to setup his own firewall based on IPTABLES.
This is the best firewall.
In my tutorial you can find some examples for a mail server and for a Proxy server using SNAT and port forwarding.
The location of my tutorial is here:

I wish it is useful to someone.