Network Layer Filtering Response

After an attack is detected from a particular IP address, the following iptables rules serve as a network layer response in the filtering category. They are added to the INPUT, OUTPUT, and FORWARD chains and block all communications (regardless of protocol or port) to or from the address 144.202.X.X. The "-I CHAIN 1" form inserts each rule at position 1 of its chain, so it takes precedence over every rule below it, including any rule that accepts ESTABLISHED connections; the attacker's existing sessions are cut off along with new ones:

[iptablesfw]# iptables -I INPUT 1 -s 144.202.X.X -j DROP

[iptablesfw]# iptables -I OUTPUT 1 -d 144.202.X.X -j DROP

[iptablesfw]# iptables -I FORWARD 1 -s 144.202.X.X -j DROP

[iptablesfw]# iptables -I FORWARD 1 -d 144.202.X.X -j DROP

There are two rules in the FORWARD chain: one blocks packets that originate from 144.202.X.X (-s 144.202.X.X), the other blocks responses from internal systems that are destined for 144.202.X.X (-d 144.202.X.X). The INPUT and OUTPUT rules cover traffic to and from the firewall host itself, while the FORWARD rules cover traffic routed through it, so together they leave the address no path in either direction. If you use iptables as your network sentry, the above rules provide an effective network choke point against the 144.202.X.X address. Two caveats apply to any automated block of this kind: rules added with iptables do not survive a reboot unless you save them (for example with iptables-save), and because source addresses can be spoofed, an attacker can try to provoke a block against an address you rely on. A list of addresses that are never blocked, and an expiry after which the rules are deleted again, limit that risk.
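The following script is an added example, not code from the original article: it wraps the four DROP rules in a function that a detection tool can call with a single address argument, validates the address before it reaches iptables (so a hostile string from a log cannot turn into extra arguments), and provides the matching -D commands to lift the block later. It assumes the iptables binary is on PATH; the IPTABLES variable is an assumption of this example that lets you substitute "echo" for a dry run.

```shell
#!/bin/sh
# Added example (not from the original article). Isolate an attacker
# address in the INPUT, OUTPUT and FORWARD chains, or remove that
# isolation again.  Override IPTABLES=echo to see the commands without
# changing the firewall.
IPTABLES="${IPTABLES:-iptables}"

# Accept only a dotted quad with each octet in 0-255.  Anything else
# (hostnames, CIDR, trailing "-j ACCEPT" smuggled in from a log line)
# is rejected before it can become an iptables argument.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 = insert|delete, $2 = validated address.
# INPUT/OUTPUT cover traffic to and from the firewall host; the two
# FORWARD rules cover routed traffic in both directions.  "-I CHAIN 1"
# puts each rule at the top of its chain so it beats any ACCEPT below.
apply_rules() {
    mode=$1
    ip=$2
    for spec in "INPUT -s" "OUTPUT -d" "FORWARD -s" "FORWARD -d"; do
        set -- $spec    # $1 = chain, $2 = direction flag
        case $mode in
            insert) $IPTABLES -I "$1" 1 "$2" "$ip" -j DROP || return 1 ;;
            delete) $IPTABLES -D "$1" "$2" "$ip" -j DROP || return 1 ;;
        esac
    done
}

block_ip() {
    valid_ipv4 "$1" || { echo "block_ip: invalid IPv4 address: $1" >&2; return 2; }
    apply_rules insert "$1"
}

unblock_ip() {
    valid_ipv4 "$1" || { echo "unblock_ip: invalid IPv4 address: $1" >&2; return 2; }
    apply_rules delete "$1"
}

# Command-line use: ./block.sh block 144.202.1.2   /   ./block.sh unblock 144.202.1.2
case "${1:-}" in
    block)   block_ip "$2" ;;
    unblock) unblock_ip "$2" ;;
esac
```

Run it as root (or with CAP_NET_ADMIN); run it as "IPTABLES=echo ./block.sh block 144.202.1.2" first to confirm the four rules it would insert. The rule sets are built from a fixed list rather than pasted per address, so the insert and delete paths cannot drift apart, which is what makes a timed unblock safe to automate.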
