I have tried to block non-44/8 traffic via the IPIP tunnel with iptables, but without
success.
I used ampr-ripd to create the port 'tunl0'.
I added these firewall rules:
iptables -A INPUT -i tunl0 -p all ! -s 44.0.0.0/8 -j DROP
iptables -A FORWARD -i tunl0 -p all ! -s 44.0.0.0/8 -j DROP
but I still have a lot of non-44/8 traffic via tunl0, and it
looks like this is not working for me.
How did you validate that you still have the traffic?
Does such traffic still reach an open port on your system or a system behind it?
E.g. when you have telnet or ssh running, can you still telnet or ssh from the internet?
Note that using a trace tool like "tcpdump" or "tshark/wireshark" is NOT a valid way
of testing whether those filters work!
When you do "tshark -i tunl0" with the above filters in place, you will still
see the traffic.
This is because tshark and tcpdump trace the real traffic on those interfaces BEFORE the
filters have been applied.
Rob
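Added example, not part of this thread: a way to confirm that the DROP rules above actually match is to compare their packet counters from `iptables -nvxL INPUT` (exact counters, counted where netfilter evaluates the rule, unlike a capture on tunl0). The two listings below are constructed sample output, not captured from a real host; the parser assumes the standard `-nvxL` column layout.

```python
import re

# Constructed sample of `iptables -nvxL INPUT` output: one snapshot, then a
# second one taken a little later. Counters are invented for illustration.
SNAPSHOT_BEFORE = """\
Chain INPUT (policy ACCEPT 1532 packets, 203000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     317      25360 DROP       all  --  tunl0  *      !44.0.0.0/8          0.0.0.0/0
       0          0 ACCEPT     tcp  --  tunl0  *       44.0.0.0/8           0.0.0.0/0            tcp dpt:22
"""

SNAPSHOT_AFTER = """\
Chain INPUT (policy ACCEPT 1540 packets, 204100 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     329      26320 DROP       all  --  tunl0  *      !44.0.0.0/8          0.0.0.0/0
       2        120 ACCEPT     tcp  --  tunl0  *       44.0.0.0/8           0.0.0.0/0            tcp dpt:22
"""

# Rule lines start with two integer counters; header and "Chain" lines do not match.
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+\S+\s+"
    r"(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)"
)


def parse_rules(listing):
    """Return one dict per rule line of an `iptables -nvxL <chain>` listing."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:
            d = m.groupdict()
            d["pkts"], d["bytes"] = int(d["pkts"]), int(d["bytes"])
            rules.append(d)
    return rules


def tunnel_drop_hits(listing, iface="tunl0"):
    """Packets matched so far by DROP rules whose input interface is `iface`."""
    return sum(r["pkts"] for r in parse_rules(listing)
               if r["target"] == "DROP" and r["in"] == iface)


def drops_between(before, after, iface="tunl0"):
    """Packets dropped between two snapshots; > 0 means the rule is matching live traffic."""
    return tunnel_drop_hits(after, iface) - tunnel_drop_hits(before, iface)


if __name__ == "__main__":
    print("tunl0 DROP hits:", tunnel_drop_hits(SNAPSHOT_BEFORE))
    print("dropped since last snapshot:", drops_between(SNAPSHOT_BEFORE, SNAPSHOT_AFTER))
```

If the counter never moves while the unwanted traffic is clearly arriving, the packets are not reaching that rule at all (wrong chain, earlier ACCEPT, or a different input interface), which tcpdump on tunl0 cannot tell you.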