#1
still fail in blocking IP
I added the following line in /etc/sysconfig/ipchains
ipchains -A input -i eth0 -s 216.239.46.0/24 -j DENY
and then
/etc/rc.d/init.d/ ipchains restart
shutdown -r now!
AM I right???? NO. it does not filter anything IP with 192..... at all, I just tried o/ m
sbin/ipchains -A input -i eth0 -p tcp -s 216.239.46.0/24 -d 192.168.1.99 0:65535 -j DENY
sbin/ipchains -A input -i eth0 -p tcp -s blockbadip -d 192.168.1.99 0:65535 -j DENY
why such rule still have "FAIL"????
MY aims to block this IP or a set of IP from the router do NAT.
I follow this, still I fail. poor me
http://groups.google.com/groups?hl=...pub3.rc.vix.com
/sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT
in ipchains
./.......ipchains restart
error msg:
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying ipchains firewall rules: Try `/sbin/ipchains -h' or '/sbin/ipchains --
ipchains command /sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT failed
This is /sbin/ipchains-restore v1.1.2
If this is the latest version of ipchains-restore, and the input was created using the latest version of ipchains-save, then I'd really appreciate a bug report. Please send the input you used, and all the output from this program to the author, `ipchains@rustcorp.com' with `BUG-REPORT' in the subject line so I know to read the message. Apologies for the inconvenience, Paul ``Rusty'' Russell.
[FAILED]
__________________
regards, wish to use AT 89c51 single chip computer to do remote sensing and send the data back from woods to office via nokie 3330 and internet. HOW? first I must revise C program thro' example, what's next?
Last edited by pentium5 : December 31st, 2001 at 09:14 AM.

#2
Code:
ipchains -A input -i eth0 -s 216.239.46.0/24 -j DENY
Quote:
What? Why should -s 216.239.46.0/24 block addresses with 192...? What do you want to achieve, anyway?
Quote:
Read this one (taken from http://www.redhat.com/docs/manuals/...-sysconfig.html):
Quote:
So you shouldn't change it. And your change was imnsho wrong, too.
Finally: Try searching for web sites in Google first. Then, if you don't find anything, you can try other sources. Newsgroup posts are not a good way of learning things, unless your question is exactly the one discussed in the NG. Read the ipchains HOWTO before you start using ipchains.

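The [FAILED] output in the first post is printed by ipchains-restore, which the init script runs over /etc/sysconfig/ipchains. As an added example (not posted by anyone in this thread), a shell check that flags lines such a file cannot contain, assuming ipchains-save syntax (":chain POLICY" lines and rule lines that begin with an option such as "-A"); the function names and the sample file are constructed here.

```shell
#!/bin/sh
# Added example: lint a rules file before "ipchains restart" hands it to
# ipchains-restore. Assumption: the file uses ipchains-save syntax, i.e.
# ":chain POLICY" lines and rule lines starting with an option ("-A ..."),
# with no command name in front. Comment and blank lines are skipped.

# Constructed sample: four valid lines followed by the kind of lines
# added in the first post.
sample_rules() {
cat <<'EOF'
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 216.239.46.0/24 -j DENY
ipchains -A input -i eth0 -s 216.239.46.0/24 -j DENY
/sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT
shutdown -r now
EOF
}

# Reads a rules file on stdin, prints "LINE_NO: reason: text" for every
# line that is not in save syntax, and returns 1 if any were found.
lint_rules() {
    awk '
        function bad(why)        { printf "%d: %s: %s\n", NR, why, $0; n++ }
        /^[ \t]*(#|$)/           { next }   # comment or blank line
        /^:[A-Za-z0-9_-]+ /      { next }   # chain policy line
        /^-[A-Z] /               { next }   # rule in save syntax
        /^(\/?sbin\/)?ipchains / { bad("command name in front of rule"); next }
                                 { bad("not a rule or policy line") }
        END                      { exit (n > 0) }
    '
}

# Stand-alone run on the constructed sample.
sample_rules | lint_rules || true
```
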
#3
I dropped him on the floor now! thk! and I will delete this security reasons.

#4
Quote:
Name one.
*edit*: Do you really think that announcing deletion, then deleting will erase the info (if any, which is not the case here) completely?
Last edited by realnowhereman : December 31st, 2001 at 03:46 PM.

#5
>> I dropped him on the floor now!
Why do you block googlebot.com? If you want people to be able to find your site, don't block google spider.
>> Try searching for web sites in Google first
He doesn't like google. Haha.. That IP block (216.239.46.0/24) maps to google spider.
Anyway, if you just don't like google spider to appear in your access_log, instead of blocking them, just do like so:
LogFormat "%h %a %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" log_this
BrowserMatchNoCase ^Googlebot good_robot_but_dont_log
CustomLog /path/to/access_log log_this env=!good_robot_but_dont_log
If you don't want to see 404 errors when spiders ask for /robots.txt, just create robots.txt and put something like:
User-agent: *
in your docroot. Because there isn't any way to filter out a particular 404 from your error_log unless you write a script and pipe your ErrorLog to such a script.
The whole thing is to accept google spiders, but don't log them, just to make your logs cleaner.

#6
Quote:
Then why does he always look for stuff in groops.google.com? OK, he's not too good at finding solutions to his problems, but he does use it.

#7
>> Then why does he always look for stuff in groops.google.com?
No idea. But if you read this thread from the beginning, he was trying to block google spider and thinking it's harmful and is a security threat to his site. Do you think googlebot is a good spider then?

#8
I don't care about spiders and use ipchains mainly as an ad blocker.
Anyway, I don't think he's trying to block Google stuff - it's probably just an example. In fact, I'm wondering whether pentium5 knows at all what s/he wants to do.

#9
if someone is blocking your normal traffic, what will your boss ask u to do?
if Google is probing u all the time and it is not Google but someone else, what will u do?
if someone is blocking the entrance to the highway, what will u do?
I am sure what I want to achieve with a little help (but a giant step for me). I deleted (mv ipchain from /etc/sysconfig/ to /etc); I then changed the name to ipchains.rule. chmod +x. Voila, I dial out and then detect my ip address. Change the blocking IP in the ipchains. Read the text from RobertL.Ziegler. Read the Google example. mark and rem out the ipchains. I block the incoming "my own ip" after I execute ./ipchains.rule. Re-test it and un-rem and test it again.
I am sure what I am doing else I wont say "drop him on the floor" which was taken from Google. thanks guys.

#10
Quote:
What???
Quote:
I hope you didn't do what I think you did. I hope you just removed your changes from /etc/sysconfig/ipchains and saved the file and didn't touch it again.
Quote:
Fine. Now tell us where this text from R. L. Ziegler is. The guy wrote a whole book.
Quote:
No new comment on this, really. I still don't know what you have done. To block the address range that you named in your first post, doing once a
Code:
ipchains -A input -s 216.239.46.0/24 -j DENY
ipchains -A output -d 216.239.46.0/24 -j DENY
is enough, since this will be saved automatically to /etc/sysconfig/ipchains later on.
Anyway, what are you doing all this for? Do you run a web server? Then you should like spiders. Otherwise make robots.txt files.

#11
>> if someone is blocking your normal traffic
If googlebot is not the best robot on the net, then there is no such thing as robot. Googlebot doesn't block your traffic, it brings you more traffic so people can go to your site far more than their own bot traffic. To determine whether it's a legitimate Googlebot, they usually have http://www.googlebot.com/bot.html under the UserAgent field. And of course, the IP block of 216.239.46.0/24.
I myself block all robots except googlebot. Here is my list (some might be good robots to you):
BrowserMatchNoCase "^(.*libwww-perl|EmailSiphon|EmailWolf|LinkWalker|ExtractorPro|Mozilla.*NEWT|ProxyHunter|Crescent|Lockstep|CherryPicker|ia_archiver|WebBandit|WebEMailExtrac|NICErsPRO|Telesoft|Zeus.*Webster|Microsoft.URL|EmailCollector|WebCopier|WebStripper|Rover|.*LWP|GetWebPage|SurfWalker|fastlwspider|Bullseye|attache|go-ahead-got-it|ASSORT|WebZIP|ScoutAbout|.*Harvest|ecollector|leech|WhosTalking|UtilMind|RepoMonkey|Digimarc|WebSnake|web.by.mail|Net.Vampire|disco|reget|.*prospector|PSurf|pavuk|IncyWincy|OpenTextSiteCrawler|Openfind|searchterms\.it|sitecheck|ATHENS|Digger|MCspider|bew|Deweb|FEZhead|Fetch|Getleft|GetURL|.*HTTrack|IBM_Planetwide|KWebGet|Monster|Mirror|NetCarta|OpaL|PackRat|PushSite|Rsync|Shai|Spegla|SpiderBot|SuperBot|tarspider|Templeton|WebCopy|WebMiner|webvac|webwalk|w3mir|XGET|WebReaper|WUMPUS|FAST-WebCrawler|Yandex|DIIbot)" bad_robot
When it's a bad robot, it may just try to grab emails for later spam or grab your entire site, which wastes your bandwidth, or some of them are trying to look for exploits. I also hate netcraft survey, so I blocked 195.92.95.0/24 at firewall level.
>> it's probably just an example
No, he's for real and that's what he intended to do in the first place. Originally he posted this thread to Apache forum but he was told by me to delete that thread (it was all about blocking googlebot). This thread is here because he wanted to do ipchains and block googlebot so I told him ipchains is off-topic in Apache forum.

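One way to apply the two criteria named above (the Googlebot User-Agent string and the 216.239.46.0/24 block) to an access log, as an added example that is not part of any post: it lists clients that send a Googlebot User-Agent from outside that block. The netblock is the one given in the post; the function names and the log lines are constructed.

```shell
#!/bin/sh
# Added example: flag access-log entries whose User-Agent claims Googlebot
# but whose client address is outside the netblock named in the post.
# The block is a /24, so a match on the first three octets is sufficient.
GOOGLEBOT_NET="216.239.46."

# Constructed sample data in the combined log format used by the
# LogFormat line earlier in the thread (client address first, UA last).
sample_log() {
cat <<'EOF'
216.239.46.20 - - [31/Dec/2001:09:14:02 -0500] "GET /robots.txt HTTP/1.0" 404 208 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
203.0.113.7 - - [31/Dec/2001:09:15:40 -0500] "GET /index.html HTTP/1.0" 200 5120 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
198.51.100.9 - - [31/Dec/2001:09:16:11 -0500] "GET / HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
203.0.113.7 - - [31/Dec/2001:09:16:12 -0500] "GET /admin/ HTTP/1.0" 403 300 "-" "googlebot/2.1"
EOF
}

# Reads a log on stdin and prints "client_ip request_count" for every
# client that sent a Googlebot User-Agent from outside GOOGLEBOT_NET.
spoofed_googlebot() {
    awk -F'"' -v net="$GOOGLEBOT_NET" '
        {
            # The User-Agent is the last quoted field; taking it from the
            # end keeps it right even if the request line contains a quote.
            ua = tolower($(NF - 1))
            split($1, head, " ")        # first word = client address
            ip = head[1]
            # index(ip, net) == 1 means the address starts with the prefix
            if (index(ua, "googlebot") && index(ip, net) != 1)
                hits[ip]++
        }
        END { for (ip in hits) print ip, hits[ip] }
    ' | sort
}

# Stand-alone run on the constructed sample.
sample_log | spoofed_googlebot
```
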
#12
I see. Thx 4 the explanation, freebsd.
But why use ipchains instead of robots.txt rules? Afaik googlebot is quite obedient to robots.txt.

#13
Because he wants to minimize the amount of bandwidth wasted for his site. Perhaps it's just like one of the reasons why I block netcraft at firewall level and drop them silently.

#14
O I C.

#15
[root@s1 /etc]# /etc/rc.d/init.d/ipchains restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying ipchains firewall rules: [ OK ]
[root@s1 /etc]# ./ipchains.rules
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
[root@s1 /etc]# ./ipchains.rules
Chain input (policy ACCEPT):
target prot opt source destination ports
DENY tcp ------ 216.239.46.0/24 s1.myserver.com any -> any
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
target prot opt source destination ports
REJECT all ------ anywhere 216.239.46.0/24 n/a
[root@s1/etc]#
Code:
ipchains-rules in /etc
/sbin/ipchains -L
/sbin/ipchains -F
/sbin/ipchains -A input -i eth0 -p tcp -s 216.239.46.23/24 -d 192.168.1.19 0:65535 -j DENY
##/sbin/ipchains -A input -i eth0 -p tcp -s blockip -d 192.168.1.199 -j DENY
/sbin/ipchains -A output -d 216.239.46.0/24 -j REJECT
#/sbin/ipchains -A input -i eth0 -p tcp -d 192.168.1.19 80 -j DENY -l
something is not right here?