1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking storm identified networks

Discussion in 'Tomato Firmware' started by RonV, Feb 24, 2008.

  1. RonV

    RonV Network Guru Member

    I was on the SANS site tonight checking out my reports and I found a link to this site:


    Anyway I was able to create some rules for iptables in Tomato that should block inbound access by host/ip:

    iptables -A INPUT -s basic.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic.threatstop.com -j DROP
    iptables -A INPUT -s basic1.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic1.threatstop.com -j DROP
    iptables -A INPUT -s basic2.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic2.threatstop.com -j DROP
    iptables -A INPUT -s basic3.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic3.threatstop.com -j DROP
    iptables -A INPUT -s basic4.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic4.threatstop.com -j DROP
    I would like to validate if this would work? Did I get the right CHAIN? Also since they update the lists every couple of hours is there a way to re-load the IP tables that are on the router without rebooting?


Share This Page