Thread: still fail

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2001
    Location
    entlegen
    Posts
    442
    Rep Power
    13

    still fail in blocking IP


    I added the following line in /etc/sysconfig/ipchains

    ipchains -A input -i eth0 -s 216.239.46.0/24 -j DENY

    and then

    /etc/rc.d/init.d/ ipchains restart

    shutdown -r now!

    Am I right?

    NO. it does not filter anything IP with 192..... at all, I just tried o/

    m

    sbin/ipchains -A input -i eth0 -p tcp -s 216.239.46.0/24 -d 192.168.1.99 0:65535 -j DENY

    sbin/ipchains -A input -i eth0 -p tcp -s blockbadip -d 192.168.1.99 0:65535 -j DENY

    Why does such a rule still "FAIL"? My aim is to block this IP or a
    set of IPs from the router that does NAT.



    I followed this, still I fail. Poor me.

    http://groups.google.com/groups?hl=e...ub3.rc.vix.com

    /sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT in ipchains

    ./.......ipchains restart

    error msg:

    Flushing all current rules and user defined chains: [ OK ]
    Clearing all current rules and user defined chains: [ OK ]
    Applying ipchains firewall rules: Try `/sbin/ipchains -h' or '/sbin/ipchains --
    ipchains command /sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT failed
    This is /sbin/ipchains-restore v1.1.2
    If this is the latest version of ipchains-restore, and the input
    was created using the latest version of ipchains-save, then I'd
    really appreciate a bug report. Please send the input you used,
    and all the output from this program to the author,
    `ipchains@rustcorp.com' with `BUG-REPORT' in the subject
    line so I know to read the message.

    Apologies for the inconvenience,
    Paul ``Rusty'' Russell.
    [FAILED]

    Last edited by pentium5; December 31st, 2001 at 09:14 AM.
    regards,

    wish to use AT 89c51 single chip computer to do remote sensing and send the data back from woods to office via nokie 3330 and internet. HOW?
    first I must revise C program thro' example, what's next?
  2. #2
  3. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    14

    Just what r u doing?


    Code:
    ipchains -A input -i eth0 -s 216.239.46.0/24 -j DENY
    >> it does not filter anything IP with 192..... at all, I just tried o/

    What? Why should -s 216.239.46.0/24 block addresses with 192...?

    What do you want to achieve, anyway?

    >> I added the following line in /etc/sysconfig/ipchains
    >>
    >> ipchains -A input -i eth0 -s 216.239.46.0/24 -j DENY

    Read this one (taken from http://www.redhat.com/docs/manuals/l...sysconfig.html):

    >> The /etc/sysconfig/ipchains file contains information used by the kernel to set up ipchains rules regarding packet filtering.
    >>
    >> This file is modified by running the service ipchains save command when valid ipchains rules are in place. You should not manually edit this file. Instead, use the ipchains command to configure the necessary packet filtering rules and then save the rules to this file.

    So you shouldn't change it. And your change was imnsho wrong, too.

    Finally:
    Try searching for web sites in Google first. Then, if you don't find anything, you can try other sources. Newsgroup posts are not a good way of learning things, unless your question is exactly the one discussed in the NG. Read the ipchains HOWTO before you start using ipchains.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2001
    Location
    entlegen
    Posts
    442
    Rep Power
    13
    I dropped him on the floor now! Thanks! And I will delete this for security reasons.
  6. #4
  7. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    14
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    >> I dropped him on the floor now!

    Why do you block googlebot.com? If you want people to be able to find your site, don't block the Google spider.

    >> Try searching for web sites in Google first

    He doesn't like google. Haha..
    That IP block (216.239.46.0/24) maps to google spider.

    Anyway, if you just don't like google spider to appear in your access_log, instead of blocking them, just do like so:

    LogFormat "%h %a %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" log_this
    BrowserMatchNoCase ^Googlebot good_robot_but_dont_log
    CustomLog /path/to/access_log log_this env=!good_robot_but_dont_log

    If you don't want to see 404 errors when spiders ask for /robots.txt, just create robots.txt and put something like:

    User-agent: *

    in your docroot. Because there isn't any way to filter out particular 404 from your error_log unless you write a script and pipe your ErrorLog to such script.

    The whole thing is to accept google spiders, but don't log them, just to make your logs cleaner.
  10. #6
  11. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    14
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    >> Then why does he always look for stuff in groops.google.com?

    No idea. But if you read this thread from the beginning, he was trying to block the Google spider, thinking it's harmful and is a security threat to his site.

    Do you think googlebot is a good spider then?
  14. #8
  15. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    14
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2001
    Location
    entlegen
    Posts
    442
    Rep Power
    13
    if someone is blocking your normal traffic, what will your boss ask u to do?

    if goggle is probing u all the times and it is not goggle but someone else, what will u do ?

    if someone is blocking to entrance to highway , what will u do?

    I am sure what I want to achieve with a little help (but a giant step for me). I deleted (mv ipchain from /etc/sysconfig/ to /etc);
    I then changed the name to ipchains.rule. chmod +x. Voilà, I dial out and then detect my IP address. Change the blocking IP in the ipchains. Read the text from RobertL.Ziegler. Read the goggle example. mark and rem out the ipchains.

    I block the incoming "my own ip" after I execute ./ipchains.rule.
    Re-test it and un-rem and test it again.

    I am sure what I am doing, else I won't say "drop him on the floor", which was taken from goggle.

    thanks guys.
  18. #10
  19. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    14
    >> it is not goggle but someone else

    What???

    >> mv ipchain from /etc/sysconfig/ to /etc

    I hope you didn't do what I think you did. I hope you just removed your changes from /etc/sysconfig/ipchains and saved the file and didn't touch it again.

    >> text from RobertL.Ziegler

    Fine. Now tell us where this text from R. L. Ziegler is. The guy wrote a whole book.

    >> mark and rem out the ipchains

    No new comment on this, really.

    I still don't know what you have done. To block the address range that you named in your first post, doing once a
    Code:
    ipchains -A input -s 216.239.46.0/24 -j DENY
    ipchains -A output -d 216.239.46.0/24 -j DENY
    is enough, since this will be saved automatically to /etc/sysconfig/ipchains later on.

    Anyway, what are you doing all this for? Do you run a web server? Then you should like spiders. Otherwise make robots.txt files.
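
Added example, not part of any post in this thread: a simplified Python model of how a chain is evaluated (first matching rule decides, otherwise the chain policy), run against rules quoted in the thread. It shows why a rule with -s 216.239.46.0/24 never touches 192.x sources and how the narrower "-p tcp ... -d" variant lets other traffic through. The function names are made up for this sketch, and interface, port ranges and -l are ignored.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")
OPTS = {"-s": "src", "-d": "dst", "-p": "proto", "-j": "target"}

def parse_rule(line):
    """Parse the subset of `ipchains -A` syntax used in this thread.
    Simplification: interface (-i), port ranges and -l are ignored."""
    tok = shlex.split(line)
    tok = tok[tok.index("-A") + 1:]
    rule = {"chain": tok[0], "src": ANY, "dst": ANY, "proto": "all", "target": None}
    for opt, val in zip(tok, tok[1:]):
        if opt in OPTS:
            if opt in ("-s", "-d"):
                # strict=False masks host bits, so 216.239.46.23/24 becomes
                # 216.239.46.0/24, matching the -L listing shown in the thread
                val = ipaddress.ip_network(val, strict=False)
            rule[OPTS[opt]] = val
    return rule

def verdict(rules, chain, src, dst, proto="tcp", policy="ACCEPT"):
    """First matching rule in the chain decides; otherwise the chain policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["chain"] == chain and r["proto"] in ("all", proto)
                and src in r["src"] and dst in r["dst"]):
            return r["target"]
    return policy

# Rules copied from the thread: the two-line version and the narrower variant
BROAD = [parse_rule(l) for l in (
    "ipchains -A input -s 216.239.46.0/24 -j DENY",
    "ipchains -A output -d 216.239.46.0/24 -j DENY",
)]
NARROW = [parse_rule(
    "/sbin/ipchains -A input -i eth0 -p tcp -s 216.239.46.23/24 "
    "-d 192.168.1.19 0:65535 -j DENY")]

if __name__ == "__main__":
    # Constructed test packets: (source, destination, protocol)
    packets = (("216.239.46.20", "192.168.1.19", "tcp"),
               ("216.239.46.20", "192.168.1.19", "udp"),
               ("192.168.1.50", "192.168.1.19", "tcp"))
    for name, rules in (("broad", BROAD), ("narrow", NARROW)):
        for src, dst, proto in packets:
            print(name, src, proto, verdict(rules, "input", src, dst, proto))
```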
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    >> if someone is blocking your normal traffic

    If googlebot is not the best robot on the net, then there is no such thing as robot.

    Googlebot doesn't block your traffic, it brings you more traffic so people can go to your site far more than their own bot traffic.

    To determine whether it's a legitimate Googlebot, they usually have http://www.googlebot.com/bot.html under the UserAgent field. And of course, the IP block of 216.239.46.0/24.

    I myself block all robots except googlebot.
    Here is my list (some might be good robots to you):

    BrowserMatchNoCase "^(.*libwww-perl|EmailSiphon|EmailWolf|LinkWalker|ExtractorPro|Mozilla.*NEWT|ProxyHunter|Crescent|Lockstep|CherryPicker|ia_archiver|WebBandit|WebEMailExtrac|NICErsPRO|Telesoft|Zeus.*Webster|Microsoft.URL|EmailCollector|WebCopier|WebStripper|Rover|.*LWP|GetWebPage|SurfWalker|fastlwspider|Bullseye|attache|go-ahead-got-it|ASSORT|WebZIP|ScoutAbout|.*Harvest|ecollector|leech|WhosTalking|UtilMind|RepoMonkey|Digimarc|WebSnake|web.by.mail|Net.Vampire|disco|reget|.*prospector|PSurf|pavuk|IncyWincy|OpenTextSiteCrawler|Openfind|searchterms\.it|sitecheck|ATHENS|Digger|MCspider|bew|Deweb|FEZhead|Fetch|Getleft|GetURL|.*HTTrack|IBM_Planetwide|KWebGet|Monster|Mirror|NetCarta|OpaL|PackRat|PushSite|Rsync|Shai|Spegla|SpiderBot|SuperBot|tarspider|Templeton|WebCopy|WebMiner|webvac|webwalk|w3mir|XGET|WebReaper|WUMPUS|FAST-WebCrawler|Yandex|DIIbot)" bad_robot

    When it's a bad robot, it may just try to grab emails for later spam, or grab your entire site, which wastes your bandwidth, or some of them are trying to look for exploits.
    I also hate netcraft survey, so I blocked 195.92.95.0/24 at firewall level.

    >> it's probably just an example

    No, he's for real and that's what he intended to do in the first place. Originally he posted this thread to Apache forum but he was told by me to delete that thread (it was all about blocking googlebot). This thread is here because he wanted to do ipchains and block googlebot so I told him ipchains is off-topic in Apache forum.
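
Added example, not part of any post in this thread: a Python check that reads access-log lines in the LogFormat posted earlier in the thread and separates requests whose User-Agent claims Googlebot from inside the address range named above from those that claim it from elsewhere. The range is the 2001 value quoted in the thread, not a current list of crawler addresses; the sample log lines and all names in the code are constructed for this sketch.

```python
import ipaddress
import re
from collections import Counter

# Range quoted in the thread for Googlebot in 2001; a sample value only.
CLAIMED_RANGE = ipaddress.ip_network("216.239.46.0/24")

# Matches the LogFormat posted earlier in the thread:
# %h %a %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

def classify(line):
    """Return a label for one log line based on User-Agent and client IP."""
    m = LINE.match(line)
    if not m:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return "unparsed"
    if "googlebot" not in m["ua"].lower():
        return "other"
    # The User-Agent is client-supplied, so the address is what gets checked.
    return "googlebot" if ip in CLAIMED_RANGE else "googlebot-ua-outside-range"

def summarize(lines):
    """Count how many lines fall into each label."""
    return Counter(classify(l) for l in lines)

# Constructed sample lines (not taken from any real log)
SAMPLE = [
    'crawler.example 216.239.46.20 [31/Dec/2001:09:14:00 +0000] '
    '"GET /robots.txt HTTP/1.0" 404 208 "-" '
    '"Googlebot/2.1 (+http://www.googlebot.com/bot.html)"',
    'host.example 203.0.113.7 [31/Dec/2001:09:15:10 +0000] '
    '"GET /index.html HTTP/1.0" 200 5120 "-" '
    '"Googlebot/2.1 (+http://www.googlebot.com/bot.html)"',
    'dialup.example 198.51.100.9 [31/Dec/2001:09:16:42 +0000] '
    '"GET / HTTP/1.0" 200 5120 "-" '
    '"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"',
    'this line does not follow the format',
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE).items()):
        print(f"{label}: {count}")
```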
  22. #12
  23. No Profile Picture
    Not there when you need me
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Oct 2001
    Location
    Berlin, Germany
    Posts
    1,430
    Rep Power
    14
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    Because he wants to minimize the amount of bandwidth wasted for his site. Perhaps it's just like one of the reasons why I block netcraft at firewall level and drop them silently.
  26. #14
  27. #15
  28. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2001
    Location
    entlegen
    Posts
    442
    Rep Power
    13
    [root@s1 /etc]# /etc/rc.d/init.d/ipchains restart
    Flushing all current rules and user defined chains: [ OK ]
    Clearing all current rules and user defined chains: [ OK ]
    Applying ipchains firewall rules: [ OK ]
    [root@s1 /etc]# ./ipchains.rules
    Chain input (policy ACCEPT):
    Chain forward (policy ACCEPT):
    Chain output (policy ACCEPT):
    [root@s1 /etc]# ./ipchains.rules
    Chain input (policy ACCEPT):
    target prot opt source destination ports
    DENY tcp ------ 216.239.46.0/24 s1.myserver.com any -> any
    Chain forward (policy ACCEPT):
    Chain output (policy ACCEPT):
    target prot opt source destination ports
    REJECT all ------ anywhere 216.239.46.0/24 n/a
    [root@s1/etc]#


    Code:
     ipchains-rules in /etc

    /sbin/ipchains -L
    /sbin/ipchains -F
    /sbin/ipchains -A input -i eth0 -p tcp -s 216.239.46.23/24 -d 192.168.1.19 0:65535 -j DENY
    ##/sbin/ipchains -A input -i eth0 -p tcp -s blockip  -d  192.168.1.199  -j  DENY

    /sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT

    #/sbin/ipchains -A input -i eth0 -p tcp -d 192.168.1.19 80 -j DENY -l
    something is not right here?