Blocking specific IPs with AIF is also simple. However, the AIF shipped with Debian Squeeze is version 1.9, not the latest 2.0.1, so a few changes are needed in /etc/arno-iptables-firewall/firewall.conf.
- #BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
Remove the "#" from this line.
- DISABLE_IPTABLES_BATCH=0
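Change the 0 here to 1.
I found these two points through Google; they are not in the author's FAQ.
Everything else is covered by the FAQ on the author's own website,
http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=50&Itemid=81 which is clearly written, although it is in English.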
Q: What's the proper way to use the blocked hosts file?
A: Just put the hostname or IP of the host(s) you want to block in "/etc/iptables-blocked-hosts" (default location). You can use comments (starting with the #-character) but it can only be used when the whole line is a comment!
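Basically, just write the IPs you want to block in "/etc/iptables-blocked-hosts", one IP per line. Lines starting with "#" are comments. When you are done, restart the service.
To block a range of addresses: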
Q: How can I use IP address ranges in the configuration file and/or the block hosts file?
A: Version 1.8 does NOT support IP ranges (except for the blocked hosts file), and never will. However starting with version 1.9, you can use class C IPv4 ranges like ie. 192.168.1.10-20, which would include all IP's between 192.168.1.10 and 192.168.1.20.
That's all there is to it: enter 192.168.1.10-20 and it blocks 192.168.1.10 through 192.168.1.20.
Simple, isn't it?
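
A pre-restart check for the blocked-hosts file, as an added example that is not from the original post or from AIF. It applies the rules quoted from the FAQ above: one hostname or IP per line, comments only as whole lines, and last-octet ranges such as 192.168.1.10-20. The function names and the stricter checks (no whitespace inside entries, no reversed ranges, a limited hostname character set) are assumptions of this example, not documented AIF behaviour.

```shell
#!/bin/sh
# Added example (not AIF code): lint a blocked-hosts file before restarting the firewall.
# Strictness beyond the FAQ (whitespace, reversed ranges, hostname characters) is assumed.

is_octet() {  # succeeds when $1 is a decimal integer 0..255 without leading zeros
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

classify_entry() (  # prints blank | comment | ip | range:<count> | host | invalid:<why>
    line=$1
    case "$line" in
        '')         echo blank; exit ;;
        '#'*)       echo comment; exit ;;
        *'#'*)      echo "invalid:inline comment"; exit ;;
        *[!0-9.-]*) # anything beyond digits, dots and hyphens: treat as a hostname
            case "$line" in
                *[!A-Za-z0-9.-]*) echo "invalid:bad hostname character" ;;
                *)                echo host ;;
            esac; exit ;;
    esac
    set -f; IFS=.; set -- $line   # split a.b.c.d or a.b.c.x-y on the dots
    if [ $# -ne 4 ] || ! is_octet "$1" || ! is_octet "$2" || ! is_octet "$3"; then
        echo "invalid:not an IPv4 address"; exit
    fi
    case "$4" in
        *-*) lo=${4%%-*}; hi=${4#*-}   # last-octet range as in 192.168.1.10-20
             if is_octet "$lo" && is_octet "$hi" && [ "$lo" -le "$hi" ]; then
                 echo "range:$(($hi - $lo + 1))"
             else echo "invalid:bad last-octet range"; fi ;;
        *)   if is_octet "$4"; then echo ip; else echo "invalid:not an IPv4 address"; fi ;;
    esac
)

lint_blocked_hosts() {  # $1 = file; prints one line per problem, returns 1 if any
    bad=0; n=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$(($n + 1)); kind=$(classify_entry "$entry")
        case "$kind" in invalid:*) echo "$1:$n: ${kind#invalid:}: $entry"; bad=1 ;; esac
    done < "$1"
    return "$bad"
}

# Constructed sample (documentation addresses); line 4 has an unsupported inline comment.
sample=$(mktemp)
printf '%s\n' '# scanners' '192.0.2.7' '198.51.100.10-20' '203.0.113.5 # ssh' > "$sample"
lint_blocked_hosts "$sample" || echo "fix the lines above before restarting the firewall"
rm -f "$sample"
```

Run `lint_blocked_hosts` on the file that BLOCK_HOSTS_FILE names in firewall.conf; any output is a line this check rejects.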