Monday, November 10, 2008

Poor man's firewall (Debian)

This will work on most Linux-based systems, I imagine. It blocks an IP by routing all responses to it through 127.0.0.1, so instead of sending the response packets the system just eats them. This is done by adding a static route which directs the traffic nowhere.

route add -host 1.1.1.1 netmask 0.0.0.0 lo

Ok so in this example, replace 1.1.1.1 with the offending IP. You can do the same thing with FreeBSD but it's a little different and IMHO makes more sense. I will post that solution later.


This is a quick and dirty solution...never use this as a permanent firewall.
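
An added example, not part of the original post: a small POSIX shell wrapper around the command above that validates the address before it reaches route, prints the command by default, and lists which hosts are currently routed to lo from `route -n` output. The function names, the DRY_RUN variable and the sample routing table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and DRY_RUN are
# assumptions made for illustration.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# null_route add|del <ip>: print the post's route command (DRY_RUN=1, default)
# or run it as root (DRY_RUN=0).
null_route() {
    case "$1" in
        add|del) ;;
        *) echo "usage: null_route add|del <ip>" >&2; return 2 ;;
    esac
    is_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 2; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "route $1 -host $2 netmask 0.0.0.0 lo"
    else
        route "$1" -host "$2" netmask 0.0.0.0 lo
    fi
}

# Read `route -n` output on stdin; print hosts blocked this way, i.e. host
# routes (flag H) whose interface is lo.
list_null_routed() {
    awk '$NF == "lo" && $4 ~ /H/ && $1 ~ /^[0-9.]+$/ { print $1 }'
}

# Constructed sample of `route -n` output after blocking two hosts.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
1.1.1.1         0.0.0.0         255.255.255.255 UH    0      0        0 lo
198.51.100.7    0.0.0.0         255.255.255.255 UH    0      0        0 lo'
```

On a live system, `route -n | list_null_routed` shows what is currently blocked. Routes added this way do not survive a reboot.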

1 comment:

Eduard said...

Thank you so much for your brilliant article.
I just wrote a tutorial on how to set up Arno IPTABLES firewall.
Maybe it may help someone to set up his own firewall based on IPTABLES.
This is the best firewall.
In my tutorial you can find some examples for a mail server and for a Proxy server using SNAT and port forwarding.
The location of my tutorial is here:

http://cosmolinux.no-ip.org/raconetlinux2/arno_iptables_firewall.html

I hope it is useful to someone.