Results 1 to 4 of 4
  1. #1
    Join Date
    Apr 2005
    Location
    Tinterweb
    Posts
    555

    Question How to Block a Block of IP'S

    I'm currently experiencing a lot of IP's starting with 200 and 201 (from Brazil) some IPs have over 200 connections. I have APF installed and want to know how to block a block on ip's if this is possible.
    IPS:
    200.11.*******
    201.*******

    Thanks in advance

  2. #2
    Join Date
    May 2001
    Location
    Mass.
    Posts
    56
    Check out the deny_hosts.rules file in APF usually found at /etc/apf/deny_hosts.rules

    You can put single IPs in that file, or an IP mask. For example you could add 200.11.0.0/16 to that file to block all of 200.11 and therefore you would be blocking 65534 IPs.

    I would not recommend a /16 block though, try and find the offending /24 subnets and add them into this file as each /24 will only block 254 IPs.

    Use the CIDR/Netmask test on http://www.dnsstuff.com/ to figure out specific netmasks.


    After adding the IP ranges to that file, if you restart APF with a 'service apf restart', the block will take effect.

  3. #3
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    apf -d IP will automatically add it to the deny file. Also then there is no need for restarting apf.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  4. #4
    Hello,

    From Following steps you can block an IP

    A) /etc/apf/apf -d IP Reason
    > The -d flag means DENY the IP address
    > IP is the IP address you wish to block
    > Reason is comments to why the IP is being blocked

    Example:

    ./apf -d 267.14.188.1 TESTING

    vi /etc/apf/deny_hosts.rules

    Shows the following:

    # added 267.14.188.1 on 08/23/05 01:25:55
    # TESTING
    267.14.188.1

    B) pico /etc/apf/deny_hosts.rules

    You can then just add a new line and enter the IP you wish to block. Before this becomes active though youll need to reload the APF ruleset.

    /etc/apf/apf -r


    Thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •