I have tried to block non-44/8 traffic via the IPIP tunnel with iptables, but without success. I have used ampr-ripd to create the port 'tunl0'.
I have added these rules to the firewall:
iptables -A INPUT -i tunl0 -p all ! -s 44.0.0.0/8 -j DROP
iptables -A FORWARD -i tunl0 -p all ! -s 44.0.0.0/8 -j DROP
but I still have a lot of traffic via tunl0 from non-44/8 IP addresses, and it looks like this is not working for me.
How did you validate that you still have the traffic? Does such traffic still reach an open port on your system or a system behind it? E.g. when you have telnet or ssh running, can you still telnet or ssh from the internet?
Note that using a trace tool like "tcpdump" or "tshark/wireshark" is NOT a valid way of testing if those filters work! When you do "tshark -i tunl0" with the above filters in place, you will still see the traffic.
This is because tshark and tcpdump trace the real traffic on those interfaces BEFORE the filters have been applied.
Rob
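
An added example, not part of the original thread: one way to validate the filter without a capture is to read the per-rule packet counters that `iptables-save -c` prints and to check whether an earlier ACCEPT rule in the same chain is evaluated before the DROP rule (`-A` appends at the end of the chain). The helper name `check_tunl0_filter` and the sample ruleset are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: validate the tunl0 source filter from rule counters, not a capture.
# Input is `iptables-save -c` text: "[pkts:bytes] -A CHAIN <rule spec>".
# check_tunl0_filter is a hypothetical helper name; SAMPLE_RULES is constructed data.

check_tunl0_filter() {
    # $1 = chain name; rules are read from stdin in evaluation order
    awk -v chain="$1" '
        $2 == "-A" && $3 == chain {
            rule = " " $0 " "
            if (!found && rule ~ / ! -s 44\.0\.0\.0\/8 / &&
                rule ~ / -i tunl0 / && rule ~ / -j DROP /) {
                found = 1
                c = $1; gsub(/[^0-9:]/, "", c); split(c, n, ":")
                pkts = n[1]            # packets this DROP rule has matched
            } else if (!found && rule ~ / -j ACCEPT / &&
                       (rule ~ / -i tunl0 / || rule !~ / -i /)) {
                shadow++               # ACCEPT evaluated before the DROP (heuristic)
            }
        }
        END {
            if (!found) { print "drop_rule=missing"; exit 1 }
            printf "drop_pkts=%d earlier_accepts=%d\n", pkts, shadow
        }'
}

# Constructed sample: in INPUT an ssh ACCEPT on tunl0 sits above the appended DROP,
# so the DROP counter stays at 0; in FORWARD the DROP is first and is counting.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
[310:24800] -A INPUT -i lo -j ACCEPT
[9214:663408] -A INPUT -i tunl0 -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT ! -s 44.0.0.0/8 -i tunl0 -j DROP
[4521:301234] -A FORWARD ! -s 44.0.0.0/8 -i tunl0 -j DROP
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_tunl0_filter INPUT    # drop_pkts=0 earlier_accepts=1
printf '%s\n' "$SAMPLE_RULES" | check_tunl0_filter FORWARD  # drop_pkts=4521 earlier_accepts=0
# On a live gateway (as root): iptables-save -c | check_tunl0_filter INPUT
```

A DROP counter that keeps rising while tcpdump still shows non-44/8 packets on tunl0 means the filter is working; a counter stuck at 0 with `earlier_accepts` above 0 points at rule order.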