Log from #iptables at freenode 2006-07-09
[22:32]<wjjmmwjjmlnacnz>kimo: Drop everything, limit, log and restrict the rest !
[23:30]<rdsvrand>I'm trying to write a web accessible user interface to iptables to block IP addresses. Is there any way to add a block on an IP address only if it doesn't already exist? (Or will I have to write my own routines to check?) For example, I'll have a cron job set up to read an external file of banned IPs and the script will add them to iptables (if needed).
[23:32]<mrrynfmr>if you wanted to, you could use ipset or recent to do the IP checking
[23:33]<mrrynfmr>ipset would be better for it, but requires a kernel patch, while recent is already in the kernel
[23:34]<mrrynfmr>you just echo ip > /proc/net/ipt_recent/BLOCK; iptables -A INPUT -m recent --rcheck --name BLOCK -j DROP
[23:35]<rdsvrand>hmm, doesn't look like I have either of them (Debian 3.1)
[23:35]<mrrynfmr>really?
[23:35]<mrrynfmr>how did you test that?
[23:36]<rdsvrand>I just tried changing directories to /proc/net and there isn't any ipt_recent
[23:37]<mrrynfmr>of course, you probably don't have the module loaded
[23:37]<mrrynfmr>modprobe ipt_recent
[23:38]<rdsvrand>ok, now I've got it
[23:38]<mrrynfmr>you need to insert the rule first; it will create the files in the directory
[23:52]<cydj>I'm a little confused about the forward chain. Traffic passing in FORWARD is 1) SNAT from users or 2) being DNAT into internal servers, right? (anything else?)
[23:55]<mrrynfmr>it is anything that is routed by the machine - everything not destined for it, or generated by it
[23:56]<cydj>I understand that, but I can't think of any other form of traffic other than SNAT/DNAT? anything specific?
[23:56]<mrrynfmr>consider a _normal_ router - all the traffic would go through without any NAT
[23:57]<mrrynfmr>or, if you had two local networks, traffic between the two would also go through FORWARD
[23:59]<cydj>hmm thanks ..