Re: Blocking incoming IP address immediately

From: repo (news_at_beginnerslinux.org.invalid)
Date: 11/29/04


Date: 29 Nov 2004 16:01:03 GMT

On Mon, 29 Nov 2004 09:32:41 -0600, Jeff Franks wrote:
> I have a gaming server and am trying to create an IPTABLES firewall that
> will allow me to "ban" an IP. I have been able to do this, but the ban only
> takes place if I reboot the firewall pc. I need this to be something that
> can take effect immediately. If I have a cheater/abuser in the game, I need
> to be able to script something so that I can block all traffic from that
> person's IP or IP Range. From what I've dug up, this should be doable with
> a simple:
>
> iptables -A INPUT -s 123.45.67.89 -j DROP
>
> I've also seen where the -SYN option should be used and I've played with the
> ESTABLISHED and RELATED options. ANY ideas on this will be greatly
> appreciated. BTW, the game works fine, all the port forwarding and NAT
> works great. I just need the ability to block IPs on the fly. If I can't
> get this to work, I'd just as soon go back to the LinkSys I had in place
> before :-/
>
> Thanks
>
> jf
>
> Here is my current IPTABLES script. I know it's simple, but while trying to
> determine how to do this, I've stripped all the fluff out. I'll put it back
> once I figure out my problem.
>

You can use the route command:
/sbin/route add -host $TARGET$ reject
or drop the IP in /etc/hosts.deny.

-- 
Chaos, panic & disorder - my work here is done
http://beginnerslinux.org
http://repo.mine.nu
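
Added example (not part of either post above): one way to script the iptables ban from the question so that it takes effect at once on a gateway that also port-forwards to the game server. The function names and the DRY_RUN switch are assumptions made for this example; IPv4 only.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: valid_src, run, ban, unban, DRY_RUN.
# DRY_RUN=1 (default) prints the iptables commands; DRY_RUN=0 executes them (needs root).

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_src() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%%/*}" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Insert the DROP at position 1 so it is matched before any ACCEPT rule
# (for example an ESTABLISHED,RELATED rule) that already sits in the chain.
# INPUT covers traffic to the firewall itself; FORWARD covers the
# port-forwarded (DNAT) traffic on its way to the game server.
ban() {
    valid_src "$1" || { echo "invalid source: $1" >&2; return 1; }
    for chain in INPUT FORWARD; do
        # -C tests for an identical rule so repeated bans do not stack up.
        if [ "${DRY_RUN:-1}" != 1 ] &&
           iptables -C "$chain" -s "$1" -j DROP 2>/dev/null; then
            continue
        fi
        run iptables -I "$chain" 1 -s "$1" -j DROP
    done
}

# Remove the rule again; -D with the same match deletes it from each chain.
unban() {
    valid_src "$1" || { echo "invalid source: $1" >&2; return 1; }
    for chain in INPUT FORWARD; do
        run iptables -D "$chain" -s "$1" -j DROP
    done
}

case "${1:-}" in
    ban)   ban "${2:-}" ;;
    unban) unban "${2:-}" ;;
esac
```

Rules inserted this way apply as soon as the command returns, with no restart, but they are lost at reboot unless they are also written into the firewall script.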