The Linux routing table can block incoming connections to prevent Denial of Service (DoS) and save resources. It can be used to block individual IP addresses or a whole subnet with a reject route or a null route.

This article describes how to block a whole subnet using the routing table in CentOS 7.

Block a Whole Subnet: Run the following command to block the whole subnet:

[root@linuxcnf ~]# route add -net 192.168.50.0 netmask 255.255.255.0 reject
[root@linuxcnf ~]#

Verify the Changes: Run the following command to verify the changes:

[root@lc-node1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG    100    0        0 enp0s3
192.168.43.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
192.168.50.0    -               255.255.255.0   !     0      -        0 -
[root@lc-node1 ~]#

Remove Blocked Subnet: Run the following command to allow access for the blocked subnet:

[root@linuxcnf ~]# route del -net 192.168.50.0 netmask 255.255.255.0 reject
[root@linuxcnf ~]#

Verify the Changes: Run the following command to verify the changes:

[root@lc-node1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG    100    0        0 enp0s3
192.168.43.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
[root@lc-node1 ~]#

Done!!!

Whole subnets can be blocked or unblocked using the route command. Change the subnet according to your environment.
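
To adapt the commands above to another subnet, the following added example (not part of the original article) turns an address in CIDR form into the network address and netmask that "route add -net" expects, with host bits cleared, and prints the matching add or del command for review instead of running it. The function names are made up for this example, and refusing /0 and /32 is a choice of the example, since /0 matches every destination and /32 is a single host rather than a subnet.

```shell
#!/bin/sh
# Added example: build the reject-route command for a subnet given as CIDR.
# Function names are hypothetical; nothing here changes the routing table.

# ip_to_int A.B.C.D -> 32-bit integer; fails unless four plain 0-255 octets
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        # reject empty, non-numeric, leading-zero and over-long octets
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# subnet_route add|del ADDR/PREFIX -> prints the route command, or fails
subnet_route() (
    case $1 in add|del) ;; *) exit 1 ;; esac
    case $2 in */*) ;; *) exit 1 ;; esac
    prefix=${2#*/}
    # prefix must be 1..31: /0 would reject all traffic, /32 is a host
    case $prefix in ''|*[!0-9]*|0*|???*) exit 1 ;; esac
    [ "$prefix" -le 31 ] || exit 1
    ip=$(ip_to_int "${2%/*}") || exit 1
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))    # clear host bits so the address matches the mask
    echo "route $1 -net $(int_to_ip "$net") netmask $(int_to_ip "$mask") reject"
)

# Constructed sample inputs; the commands are only printed, never executed.
for cidr in 192.168.50.0/24 192.168.50.77/24 10.20.30.40/12 300.1.1.0/24 0.0.0.0/0; do
    subnet_route add "$cidr" || echo "refused: $cidr"
done
```

Review the printed command, run it as root, and confirm the result with route -n as shown above.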