[WBEL-users] Block IP Address

Vincent.Raffensberger@dtn.com Vincent.Raffensberger@dtn.com
Sat, 1 May 2004 10:06:02 -0500 

This is a multipart message in MIME format.
--=_alternative 0053089A86256E87_=
Content-Type: text/plain; charset="US-ASCII"

In that example, the command will reject a network or block of addresses. 
You can use -host without the netmask to block a single address. 

You can view your routing table with 'route' or 'netstat -r'. 
The first two lines in this example are how rejected addresses will look: 

[root@host ~]# netstat -rn 
Kernel IP routing table 
Destination     Gateway         Genmask         Flags   MSS Window  irtt 
Iface 
200.17.89.34    -               255.255.255.255 !H        - -          - - 

207.218.164.15  -               255.255.255.255 !H        - -          - - 

192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 
eth1 
1.2.3.4         0.0.0.0         255.255.255.0   U        40 0          0 
eth0 
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 
lo 
0.0.0.0         1.2.3.1         0.0.0.0         UG       40 0          0 
eth0 

The reject rule is the same as adding a host or network with a gateway to 
your loopback. 



"Richard Swift" <rs@swift-technologies.net> 
Sent by: whitebox-users-admin@beau.org
04/30/2004 07:53 PM

To
whitebox-users@beau.org
cc

Subject
[WBEL-users] Block IP Address






I really appreciate the help from all.  How would I go about checking if a
reject route already exists?

When I do a man on ROUTE one of the examples is :
route add -net 10.0.0.0 netmask 255.0.0.0 reject


I don't want to change the state if it is already configured.


Richard Swift
678.524.7582
_______________________________________________
Whitebox-users mailing list
Whitebox-users@beau.org
http://beau.org/mailman/listinfo/whitebox-users


--=_alternative 0053089A86256E87_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">In that example, the command will reject
a network or block of addresses. &nbsp;You can use -host without the netmask
to block a single address.</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
You can view your routing table with 'route' or 'netstat -r'.</font><font size=3>
</font><font size=2 face="sans-serif"><br>
The first two lines in this example are how rejected addresses will look:</font><font size=3>
<br>
</font><font size=2><tt><br>
[root@host ~]# netstat -rn</tt></font><font size=3> </font><font size=2><tt><br>
Kernel IP routing table</tt></font><font size=3> </font><font size=2><tt><br>
Destination &nbsp; &nbsp; Gateway &nbsp; &nbsp; &nbsp; &nbsp; Genmask &nbsp;
&nbsp; &nbsp; &nbsp; Flags &nbsp; MSS Window &nbsp;irtt Iface</tt></font><font size=3>
</font><font size=2><tt><br>
200.17.89.34 &nbsp; &nbsp;- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
255.255.255.255 !H &nbsp; &nbsp; &nbsp; &nbsp;- - &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;- -</tt></font><font size=3> </font><font size=2><tt><br>
207.218.164.15 &nbsp;- &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
255.255.255.255 !H &nbsp; &nbsp; &nbsp; &nbsp;- - &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;- -</tt></font><font size=3> </font><font size=2><tt><br>
192.168.1.0 &nbsp; &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.255.255.0
&nbsp; U &nbsp; &nbsp; &nbsp; &nbsp;40 0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0
eth1</tt></font><font size=3> </font><font size=2><tt><br>
1.2.3.4 &nbsp; &nbsp; &nbsp; &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp;
255.255.255.0 &nbsp; U &nbsp; &nbsp; &nbsp; &nbsp;40 0 &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;0 eth0</tt></font><font size=3> </font><font size=2><tt><br>
127.0.0.0 &nbsp; &nbsp; &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.0.0.0
&nbsp; &nbsp; &nbsp; U &nbsp; &nbsp; &nbsp; &nbsp;40 0 &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;0 lo</tt></font><font size=3> </font><font size=2><tt><br>
0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 1.2.3.1 &nbsp; &nbsp; &nbsp; &nbsp;
0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; UG &nbsp; &nbsp; &nbsp; 40 0 &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;0 eth0</tt></font><font size=3> <br>
</font><font size=2><tt><br>
The reject rule is the same as adding a host or network with a gateway
to your loopback.</tt></font><font size=3> </font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>&quot;Richard Swift&quot;
&lt;rs@swift-technologies.net&gt;</b> </font>
<br><font size=1 face="sans-serif">Sent by: whitebox-users-admin@beau.org</font>
<p><font size=1 face="sans-serif">04/30/2004 07:53 PM</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">whitebox-users@beau.org</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">[WBEL-users] Block IP Address</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>I really appreciate the help from all. &nbsp;How would
I go about checking if a<br>
reject route already exists?<br>
<br>
When I do a man on ROUTE one of the examples is :<br>
route add -net 10.0.0.0 netmask 255.0.0.0 reject<br>
<br>
<br>
I don't want to change the state if it is already configured.<br>
<br>
<br>
Richard Swift<br>
678.524.7582<br>
_______________________________________________<br>
Whitebox-users mailing list<br>
Whitebox-users@beau.org<br>
http://beau.org/mailman/listinfo/whitebox-users<br>
</tt></font>
<br>
--=_alternative 0053089A86256E87_=--