bogon blocking only on some interfaces

3 posts Page 1 of 1
oid
Junior Member
Posts: 1
Joined: 30 Dec 2011, 10:15


Hello, we are using lots of NAT in 10.0.0.0/8 for our servers. Is there a possibility to add bogon network blocking to only some interfaces?

Like, we have a public IP on eth0, but on eth1 and eth2 we have 10.0.0.0/8 addresses. On eth0 we want bogon network blocking.

Greetings from Holland and many thanks.
postcd
Junior Member
Posts: 47
Joined: 15 May 2014, 17:10


As a noob, I bet this is not possible in CSF, unless you whitelist bogons in csf.ignore (in csf.allow too?) and then manually block them in iptables for a certain interface:
IN:
iptables -A INPUT -i eth0 -s BOGONIP -j DROP
OUT:
iptables -A OUTPUT -o eth0 -s BOGONIP -j DROP
I am probably wrong.
marcele
Junior Member
Posts: 155
Joined: 17 Sep 2007, 17:02


CSF already supports this. Look at LF_BOGON_SKIP in /etc/csf/csf.conf
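
An added example (not part of the thread, and not code from CSF): a check, run here on constructed input, that lists interfaces carrying RFC 1918 addresses which are not named in LF_BOGON_SKIP while bogon blocking is on. It assumes LF_BOGON is enabled by any non-zero value and that LF_BOGON_SKIP is a comma-separated list of interface names; the function names and sample data are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges: part of every bogon list, and what the thread's
# internal NICs (10.0.0.0/8) use.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inputs (not from a real host). 203.0.113.10 is a
# documentation address standing in for the public IP on eth0.
SAMPLE_CSF_CONF = '''
# Assumption: a non-zero LF_BOGON enables bogon blocking
LF_BOGON = "1"
LF_BOGON_SKIP = "eth1"
'''
SAMPLE_IP_ADDR = '''
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 10.0.1.5/8 brd 10.255.255.255 scope global eth1
4: eth2    inet 10.0.2.5/8 brd 10.255.255.255 scope global eth2
'''

def parse_csf_conf(text):
    """Return {KEY: value} for lines of the form KEY = "value"."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m:  # commented-out lines start with '#' and do not match
            settings[m.group(1)] = m.group(2)
    return settings

def parse_ip_addr(text):
    """Return {interface: [IPv4Address, ...]} from `ip -o -4 addr show`."""
    addrs = {}
    for line in text.splitlines():
        m = re.match(r'\s*\d+:\s+(\S+)\s+inet\s+([\d.]+)/\d+', line)
        if m:
            addrs.setdefault(m.group(1), []).append(ipaddress.ip_address(m.group(2)))
    return addrs

def unskipped_private_interfaces(csf_text, ip_text):
    """Interfaces with RFC 1918 addresses that bogon blocking still covers."""
    conf = parse_csf_conf(csf_text)
    if conf.get("LF_BOGON", "0").strip() in ("", "0"):
        return []  # bogon blocking is off, nothing needs skipping
    skip = {i.strip() for i in conf.get("LF_BOGON_SKIP", "").split(",") if i.strip()}
    return sorted(
        ifname for ifname, ips in parse_ip_addr(ip_text).items()
        if ifname not in skip and any(ip in net for ip in ips for net in RFC1918)
    )

if __name__ == "__main__":
    for ifname in unskipped_private_interfaces(SAMPLE_CSF_CONF, SAMPLE_IP_ADDR):
        print(f"{ifname}: private address but not in LF_BOGON_SKIP")
```

On a real host, pass the contents of /etc/csf/csf.conf and the output of `ip -o -4 addr show` instead of the samples.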