
Need to block a single IP not a subnet

 
Chris_305
Occasional Contributor

I have installed IP Filter 9000 on my HP Server running HP-UX 11.i and can't seem to figure out how to block one single IP Address. Doing a full subnet is easy but I need to only block one single IP Address because I need the rest of the network to access this machine.
For example, I have a private IP address of 10.23.206.52 and want to block incoming traffic from 10.23.249.50.

Any info on this would be appreciated.
if I only knew I wouldn't be here-- ???
Navid HUSSAIN_2
Frequent Advisor

Re: Need to block a single IP not a subnet

Hi,

You can achieve this by adding an entry in inetd.sec

Do man inetd.sec for more details.

Thx

NH

Teamwork
Ron Kinner
Honored Contributor

Re: Need to block a single IP not a subnet

You might want to read the how-to at http://www.obfuscation.org/ipf/ipf-howto.txt but blocking one port is not much different from blocking a network. Just use the mask of /32 to tell it you only mean the one IP address. So it would be something like

block in quick from 10.23.249.50/32 to any
or maybe this:

block in quick on lan0 from 10.23.249.50/32 to 10.23.206.52/32

Ron
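
Added example, not part of the reply above and not IPFilter code: a small Python model of how ipf evaluates the /32 rule, showing that only 10.23.249.50 is blocked and why `quick` matters when a later pass rule also matches. The 10.23.0.0/16 pass rule, the default-pass policy and the function names are assumptions made for illustration.

```python
import ipaddress

def parse_rule(line):
    """Parse 'block|pass in [quick] [on IFACE] (all | from SRC to DST)', a subset of ipf syntax."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("block", "pass") or tok[1] != "in":
        raise ValueError("unsupported rule: " + line)
    action, rest = tok[0], tok[2:]
    quick = rest[0] == "quick"
    if quick:
        rest = rest[1:]
    iface = None
    if rest[:1] == ["on"]:
        iface, rest = rest[1], rest[2:]
    if rest == ["all"]:
        src = dst = "any"
    elif len(rest) == 4 and rest[0] == "from" and rest[2] == "to":
        src, dst = rest[1], rest[3]
    else:
        raise ValueError("unsupported rule: " + line)
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    return {"action": action, "quick": quick, "iface": iface,
            "src": net(src), "dst": net(dst)}

def decide(lines, src, dst, iface="lan0"):
    """ipf evaluation order: the last matching rule wins, unless a matching
    rule carries 'quick', which ends the search. Default policy assumed: pass."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = "pass"
    for r in map(parse_rule, lines):
        if r["iface"] not in (None, iface):
            continue
        if s in r["src"] and d in r["dst"]:
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

# Constructed rulesets: the block rule from this thread plus an assumed pass rule.
WITH_QUICK = ["block in quick on lan0 from 10.23.249.50/32 to 10.23.206.52/32",
              "pass in on lan0 from 10.23.0.0/16 to any"]
WITHOUT_QUICK = [WITH_QUICK[0].replace(" quick", ""), WITH_QUICK[1]]

if __name__ == "__main__":
    for name, rules in (("quick", WITH_QUICK), ("no quick", WITHOUT_QUICK)):
        for host in ("10.23.249.50", "10.23.249.51"):
            print(name, host, decide(rules, host, "10.23.206.52"))
```

Without `quick`, the later pass rule is the last match and the host gets through, so rule order needs checking whenever a single-host block is added to an existing ruleset.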
Steven E. Protter
Exalted Contributor

Re: Need to block a single IP not a subnet

Here is a real life example.

inetd.sec

dtspc allow 127.0.0.1 loopback
rlogin allow 10.1.* jufprod
ftp allow 10.1.* 10.1.11.* jufprod tzfat hebron
tftp allow 10.1.* jufprod
login allow 10.1.* 10.75.* 10.1.31.* 10.4* jufprod
telnet allow 10.1.* 10.75.* 10.1.31.* 10.4* jufprod
rcp allow 10.1.* 10.75.* jufprod


Now to block just add some statements like this.

ftp deny 10.23.249.50
login deny 10.23.249.50

Save it, maybe restart inetd -c

Back the file up before you start and test functionality that should work after you're done.

Then.

You're done.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sunil Sharma_1
Honored Contributor

Re: Need to block a single IP not a subnet

Hi,
inetd.sec is a better option if you want to block only one IP address, but in this case you can block services to a specific IP address, not all incoming traffic.

SUnil
*** Dream as if you'll live forever. Live as if you'll die today ***