[ale] Blocking access to a subnet

Christopher Fowler cfowler at outpostsentinel.com
Tue Apr 10 09:18:08 EDT 2007


On Mon, 2007-04-09 at 19:10 -0400, Christopher Fowler wrote:
> The logic behind that rule states that if the ppp interface is down
> then the kernel will try and route packets out of eth0 to the default
> gateway.  Eth0's address is 209.168.246.233.  So if the source is
> 209.168.246.233 then the ppp interface obviously is not up.  The test
> after I applied the rules showed that it worked great.  The only
> downside is that I had to know what the eth0 address is.  This means
> that on a server with DHCP if I use this rule I need to get that
> address before applying this rule.
> 

The only downside to this rule is that with tcp-reset the app sees a
'connection refused'.  This is okay for all the apps with the exception
of one.  The one app reports to the user when it tries to connect and
that message could make the user think the remote device is up but
refusing to accept() any connections.
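
Added example, not part of the original message: one way to handle the DHCP case from the quoted text is to read eth0's address at run time and build the rule from it. The rule itself is not shown in the thread, so the OUTPUT chain, the helper names and the 192.0.2.0/24 destination are assumptions or placeholders; the `ip` output below is a constructed sample.

```shell
#!/bin/sh
# Constructed sample of `ip -4 -o addr show dev eth0` output so the parsing
# runs offline. The address is the eth0 address quoted in the thread.
SAMPLE_IP_OUTPUT='2: eth0    inet 209.168.246.233/24 brd 209.168.246.255 scope global eth0\       valid_lft forever preferred_lft forever'

# Read `ip -4 -o addr show` style text on stdin, print the first IPv4 address.
first_ipv4() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255, so an empty
# result (no DHCP lease yet) never ends up as the -s argument of a rule.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print (not run) a rule that resets TCP connections sourced from address $1
# towards subnet $2. Chain and match layout are assumed, not from the thread.
build_rule() {
    is_ipv4 "$1" || { echo "no usable eth0 address: '$1'" >&2; return 1; }
    printf 'iptables -A OUTPUT -s %s -d %s -p tcp -j REJECT --reject-with tcp-reset\n' \
        "$1" "$2"
}

# Demo on the constructed sample. On a real host, pipe
# `ip -4 -o addr show dev eth0` into first_ipv4 once the lease is up.
addr=$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | first_ipv4)
build_rule "$addr" "192.0.2.0/24"   # placeholder destination subnet
```

The rule has to be rebuilt whenever the lease changes the address, since a stale -s match would silently stop matching.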






