Rules For Firewalls, Or How To Ban A Continent

[hesperus]

Couldn't find this posted, so here goes. Feel the power of banning a continent.

Rules For Firewalls

These rules are generated from RIPE LISTS, APNIC LISTS, LACNIC LISTS and ARIN LISTS.
Therefore IP address ranges of these countries [that] are not listed in mentioned LISTS cannot [be] list[ed] [in the rules] below.
As a consequence, note that [. . .] these lists cannot deny all IP-addresses of the above-mentioned countries.
But I think if use this, in almost cases, you can completely deny direct accesses from these countries.

These files are automatically updated around 6 p.m. GMT (7 p.m. CET, 2 a.m. HK/SIN) everyday.

[edited for sense -- Japanese site]

http://www.dayomon.net/fw/

[576869746568617]

Interesting...

know any ways to ban a bump troll?

[Godsrock37]

what do these lines mean?

iptables -A INPUT -i ppp0 -p all -s 58.14.0.0/15 -j DROP
iptables -A INPUT -i ppp0 -p all -s 58.16.0.0/16 -j DROP
iptables -A INPUT -i ppp0 -p all -s 58.17.0.0/17 -j DROP
iptables -A INPUT -i ppp0 -p all -s 58.17.128.0/17 -j DROP

i can identify the ip address and im assuming DROP is telling the system to drop the packet but aside from that im lost


Godsrock37

[kr5kernel]

-i is the interface, ppp0 means its a modem,
-p all means all protocols (tcp, udp)
-A is the chain, this means all packets coming into the machine
-s is the source ip address from which those packets come,
-j tells it waht to do if this rule is true (DROP,REJECT,ACCEPT)

check out 'man iptables' for more details.