Reply With QuoteBuddha wrote:
> I've been trying to figure out how to block IP addresses for any access,
> though the point is to just block certain websites. I'm speaking of those
> scam sites that presume to be scanning your PC for viruses. They use an IP
> address in the url so URL blocking doesn't work.
>
> Like these mother!#&*ers:
>
http://91.213.217.190/index.php?On=v...&4f=C8#toolrmq
>
> I'm using DD-WRT firmware in a Linksys WRT350N device. I've been trying to
> enter a proper IPTABLES command in the command line box in the
> Administration menu. I've tried:
>
> iptables -I INPUT -d 91.213.217.190 -j logdrop
> iptables -I OUTPUT -d 91.213.217.190 -j logdrop
>
> No effect at all.
>
> Can anyone tell me how I can do this?
>
> Note, I can use the hosts file, or DD-WRT, to block the URL that redirects
> to the one with the IP in it, but I have a feeling that those change much
> more regularly than the bastard's IP itself.
Try something like..
IFACE="ppp0"
STATE=" -m state --state ESTABLISHED,RELATED"
iptables -F INPUT
iptables -F OUTPUTiptables -N IlogDrop
iptables -A IlogDrop -i $IFACE -j LOG --log-level emerg --log-prefix="FI "
iptables -A IlogDrop -i $IFACE -j DROP
iptables -A INPUT -i $IFACE -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --
state NEW -j IlogDrop
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp ${STATE} -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --destination relay.skynet.be --dport 25
-j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --destination relay.edpnet.be --dport 25
-j ACCEPT
Regards
Bookmarks