IPTables Clueless



Buddha
11-21-10, 11:27 PM
I've been trying to figure out how to block IP addresses for any access,
though the point is to just block certain websites. I'm speaking of those
scam sites that presume to be scanning your PC for viruses. They use an IP
address in the url so URL blocking doesn't work.

Like these mother!#&*ers:
http://91.213.217.190/index.php?On=vemJhHnFqBBZlfyp6TQVJZ0gzDV&S0=MCeW5lDXYgLA18Kjxlc1kJDXB&BE94=19A9EK1EBL7O42S9F925Y7WSX15V461AKPY0CZ68VHV&OK=FMWYsL001LRNeK0hTNGYvXU5ePE4rJzFcUCpIAQR&D1=K145S4P423NWR4BAN4OKXPEUUF&pp=cdXhTfCd9Bn5WCy8IdAACAWkEZmthRVAlQA%3D%3D&4f=C8#toolrmq

I'm using DD-WRT firmware in a Linksys WRT350N device. I've been trying to
enter a proper IPTABLES command in the command line box in the
Administration menu. I've tried:

iptables -I INPUT -d 91.213.217.190 -j logdrop
iptables -I OUTPUT -d 91.213.217.190 -j logdrop

No effect at all.

Can anyone tell me how I can do this?

Note, I can use the hosts file, or DD-WRT, to block the URL that redirects
to the one with the IP in it, but I have a feeling that those change much
more regularly than the bastard's IP itself.

Andre
11-22-10, 04:50 AM
Buddha wrote:

> I've been trying to figure out how to block IP addresses for any access,
> though the point is to just block certain websites. I'm speaking of those
> scam sites that presume to be scanning your PC for viruses. They use an IP
> address in the url so URL blocking doesn't work.
>
> Like these mother!#&*ers:
>
> http://91.213.217.190/index.php?On=vemJhHnFqBBZlfyp6TQVJZ0gzDV&S0=MCeW5lDXYgLA18Kjxlc1kJDXB&BE94=19A9EK1EBL7O42S9F925Y7WSX15V461AKPY0CZ68VHV&OK=FMWYsL001LRNeK0hTNGYvXU5ePE4rJzFcUCpIAQR&D1=K145S4P423NWR4BAN4OKXPEUUF&pp=cdXhTfCd9Bn5WCy8IdAACAWkEZmthRVAlQA%3D%3D&4f=C8#toolrmq
>
> I'm using DD-WRT firmware in a Linksys WRT350N device. I've been trying to
> enter a proper IPTABLES command in the command line box in the
> Administration menu. I've tried:
>
> iptables -I INPUT -d 91.213.217.190 -j logdrop
> iptables -I OUTPUT -d 91.213.217.190 -j logdrop
>
> No effect at all.
>
> Can anyone tell me how I can do this?
>
> Note, I can use the hosts file, or DD-WRT, to block the URL that redirects
> to the one with the IP in it, but I have a feeling that those change much
> more regularly than the bastard's IP itself.

Try something like..

IFACE="ppp0"
STATE=" -m state --state ESTABLISHED,RELATED"

# Flush the existing rules and create a chain that logs, then drops
iptables -F INPUT
iptables -F OUTPUT
iptables -N IlogDrop
iptables -A IlogDrop -i $IFACE -j LOG --log-level emerg --log-prefix="FI "
iptables -A IlogDrop -i $IFACE -j DROP

# Inbound: log and drop unexpected SYN/ACK, accept echo replies and established TCP
iptables -A INPUT -i $IFACE -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j IlogDrop
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp ${STATE} -j ACCEPT

# Outbound: accept SMTP to the two mail relays
iptables -A OUTPUT -o $IFACE -p tcp --destination relay.skynet.be --dport 25 -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --destination relay.edpnet.be --dport 25 -j ACCEPT

Regards
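
Added example, not part of either post: on a router, traffic from LAN clients to an outside address passes through the FORWARD chain, while INPUT and OUTPUT only see packets addressed to or sent by the router itself. The script below validates each address and prints (or, with DRY_RUN=0, runs) FORWARD rules for it. The names is_ipv4, run, block_ips, TARGET and DRY_RUN are chosen here; the logdrop target is taken from the question and assumed to exist on the firmware.

```shell
#!/bin/sh
# Added example: block routed LAN traffic to and from listed IPv4 addresses.
TARGET="${TARGET:-logdrop}"  # target used in the question; assumed to exist
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands, 0 = execute them

# Return 0 only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Insert one rule per direction at the top of FORWARD, so it is evaluated
# before the firmware's own accept rules. Invalid input is skipped and
# reported through a non-zero return code.
block_ips() {
    rc=0
    for ip in "$@"; do
        if is_ipv4 "$ip"; then
            run iptables -I FORWARD -d "$ip" -j "$TARGET"
            run iptables -I FORWARD -s "$ip" -j "$TARGET"
        else
            echo "skipping invalid address: $ip" >&2
            rc=1
        fi
    done
    return $rc
}

# Address from the question; with DRY_RUN=1 this only prints the two rules.
block_ips 91.213.217.190
```

Rules entered this way are lost when the router reboots unless they are stored in its firewall startup script.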