Bobsuch Posted August 17, 2007 Share Posted August 17, 2007 Hey, I've read a lot of articles but I'm still somewhat confused. Say if I wanted to ban 120.*.*.*'s entire range. Would I input inside my firewall as this? 120.0.0.0/16 So it would ban all IP Addresses with 120 as the lead number? As some articles state that you put /32 or /64 at the end of the Address Link to comment Share on other sites More sharing options...
bfarber Posted August 17, 2007 Share Posted August 17, 2007 You could run this code at bash to add the ban to iptablesiptables -I INPUT -m iprange --src-range 120.0.0.0-120.255.255.255 -j DROP Link to comment Share on other sites More sharing options...
Axel Wers Posted August 17, 2007 Share Posted August 17, 2007 Say if I wanted to ban 120.*.*.*'s entire range. If you want to deny all your forum members with IP 120.*.*.* put to your .htaccess this:deny from 120 Link to comment Share on other sites More sharing options...
bfarber Posted August 17, 2007 Share Posted August 17, 2007 True, however, that means the request gets bubbled all the way up to the point where you reach a .htaccess file (which is relatively far into the request process). Banning via iptables stops the request before ever even reaching apache, preserving your resources much better. :) Link to comment Share on other sites More sharing options...
Axel Wers Posted August 17, 2007 Share Posted August 17, 2007 True, however, that means the request gets bubbled all the way up to the point where you reach a .htaccess file (which is relatively far into the request process). Banning via iptables stops the request before ever even reaching apache, preserving your resources much better. :) I'll remember this :) Link to comment Share on other sites More sharing options...
Bobsuch Posted August 17, 2007 Share Posted August 17, 2007 You could run this code at bash to add the ban to iptablesiptables -I INPUT -m iprange --src-range 120.0.0.0-120.255.255.255 -j DROP That would ban them from ever accessing the server? If they used a proxy, could they get past the iptables ban? Link to comment Share on other sites More sharing options...
bfarber Posted August 20, 2007 Share Posted August 20, 2007 Yes, it would ban them from accessing the server. Yes, if they used a proxy and thus visited your forum from a different IP, the ban would have no effect - this is the same with any ban method however. Link to comment Share on other sites More sharing options...
Bobsuch Posted August 20, 2007 Share Posted August 20, 2007 Yes, it would ban them from accessing the server. Yes, if they used a proxy and thus visited your forum from a different IP, the ban would have no effect - this is the same with any ban method however. Understood, thanks for your help Bfarber :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.