How to stop the flood?

Rob Sterenborg rob at sterenborg.info
Thu Apr 28 17:47:53 CEST 2005


netfilter-bounces at lists.netfilter.org <> scribbled on Thursday, 28 April
2005 16:48:

> Thankyou for the reply.
> 
> This was the log from one of my client who was attacked from a client
> on other subnet. 
> 
> My network consist of clients from different subnets of /24.
> 
> The attacks from one subnet travels through my linux router
> and hits the client on other subnet.
> 
> I tried few rules as below but seems not to be working.

The script doesn't block any packets from 192.168.25.208.
If 192.168.25.208 isn't allowed passing your router, you should block it
:

$IPT -A FORWARD -s 192.168.25.208 [-d <destination_ip>] \
  -j [DROP|REJECT --reject-with-tcp-reset]

Or something like that.

The real solution is like Jason said : track down the person at
192.168.25.208 and kick his/her ass !


Gr,
Rob




More information about the netfilter mailing list