Blocking storm identified networks

Discussion in 'Tomato Firmware' started by RonV, Feb 24, 2008.

  1. RonV

    RonV Network Guru Member

    I was on the SANS site tonight checking out my reports and I found a link to this site:

    http://www.threatstop.com/content/view/42/59/

    Anyway I was able to create some rules for iptables in Tomato that should block inbound access by host/ip:

    Code:
    iptables -A INPUT -s basic.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic.threatstop.com -j DROP
    
    iptables -A INPUT -s basic1.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic1.threatstop.com -j DROP
    
    iptables -A INPUT -s basic2.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic2.threatstop.com -j DROP
    
    iptables -A INPUT -s basic3.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic3.threatstop.com -j DROP
    
    iptables -A INPUT -s basic4.threatstop.com -j LOG --log-prefix "DROP "
    iptables -A INPUT -s basic4.threatstop.com -j DROP
    I would like to validate if this would work? Did I get the right CHAIN? Also since they update the lists every couple of hours is there a way to re-load the IP tables that are on the router without rebooting?

    Thanks
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice