| Author |
Message |
Crisis
Joined: 14 Jan 2004
Posts: 40
|
| Posted: Tue Jun 29, 2004 7:16 am Post subject: Best way to block IPs completely from Linode? |
|
|
I am wondering what the best way to block certains IPs from a Linode would be.
Would it be best to install a full firewall product? My main concern is something like iptables seems to need a custom kernel, and I do not know anything about UML or the way the kernel works in a UML environment.
I am very comfortable re-compiling kernels on normal boxes, but I am not sure how this would affect a linode.
Anyone have any suggestions? |
|
| Back to top |
|
Ciaran
Joined: 13 Feb 2004
Posts: 140
Location: England, UK
|
| Posted: Tue Jun 29, 2004 8:40 am Post subject: |
|
|
iptables doesn't need a custom kernel. It's true that iptables is controlled from kernel options, but most kernels - including the standard ones on Linode - enable it by default.
I'm not quite sure how to use it myself, but I can tell you that it's enabled and works - at least on my Linode, and I haven't done anything special with iptables. |
|
| Back to top |
|
Crisis
Joined: 14 Jan 2004
Posts: 40
|
| Posted: Tue Jun 29, 2004 9:56 am Post subject: |
|
|
Hmm I tried to emerge iptables in gentoo on my linode, but it would not compile because it could not access the kernel source.
Any ideas? I coudl emerge one of the various kernel sources but I would wonder if it is different the the actual kernel being used on the linode. |
|
| Back to top |
|
Joshua
Joined: 25 Jun 2004
Posts: 27
|
| Posted: Tue Jun 29, 2004 10:01 am Post subject: |
|
|
| iptables comesby deafult because it is required by the kernal to run (i think does on my home box) so try that i use webmin to edit my tptables rules |
|
| Back to top |
|
fieschko
Joined: 21 Jun 2004
Posts: 19
|
| Posted: Tue Jun 29, 2004 10:54 am Post subject: Re: Best way to block IPs completely from Linode? |
|
|
Crisis wrote: I am wondering what the best way to block certains IPs from a Linode would be.
If you already know which ips you want to block, put the ips in /etc/hosts.deny . (ALL: aaa.bbb.ccc.ddd) |
|
| Back to top |
|
Crisis
Joined: 14 Jan 2004
Posts: 40
|
| Posted: Tue Jun 29, 2004 11:32 am Post subject: |
|
|
| Will /etc/hosts.deny block all traffic from those IPS (TCP, UDP, ICMP etc) ? |
|
| Back to top |
|
caker
Joined: 15 Apr 2003
Posts: 2392
Location: Galloway, NJ
|
| Posted: Tue Jun 29, 2004 11:37 am Post subject: |
|
|
Crisis wrote: Hmm I tried to emerge iptables in gentoo on my linode, but it would not compile because it could not access the kernel source.
Lame bug in Gentoo. From another Linode user: "One work-around is to comment out the check_KV function in the iptables build."
All it wants is version.h...
-Chris |
|
| Back to top |
|
Crisis
Joined: 14 Jan 2004
Posts: 40
|
| Posted: Tue Jun 29, 2004 11:50 am Post subject: |
|
|
| Thanks I got it installed and have been able to add rules to block IPs ;) |
|
| Back to top |
|
fieschko
Joined: 21 Jun 2004
Posts: 19
|
| Posted: Tue Jun 29, 2004 11:58 am Post subject: |
|
|
Crisis wrote: Will /etc/hosts.deny block all traffic from those IPS (TCP, UDP, ICMP etc) ?
man hosts_access |
|
| Back to top |
|
| |
