bogon blocking only on some interfaces

oid
Junior Member
Posts: 1
Joined: 30 Dec 2011, 10:15

bogon blocking only on some interfaces

Post by oid »

Hello, we are using lots of NAT in 10.0.0.0/8 for our servers. Is there a possibility to add bogon network blocking to only some interfaces?

Like, we have a public IP on eth0, but on eth1 and eth2 we have 10.0.0.0/8 addresses. On eth0 we want bogon network blocking.

Greetings from Holland and many thanks.
postcd
Junior Member
Posts: 48
Joined: 15 May 2014, 17:10

Re: bogon blocking only on some interfaces

Post by postcd »

As a noob, I bet this is not possible in CSF, unless you whitelist bogons in csf.ignore (in csf.allow too?) and then manually block them in iptables for a certain interface:
IN:
iptables -A INPUT -i eth0 -s BOGONIP -j DROP
OUT:
iptables -A OUTPUT -o eth0 -s BOGONIP -j DROP
I am probably wrong
marcele
Junior Member
Posts: 215
Joined: 17 Sep 2007, 17:02

Re: bogon blocking only on some interfaces

Post by marcele »

CSF already supports this. Look at LF_BOGON_SKIP in /etc/csf/csf.conf
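
The setting named in the reply above, checked against the interface layout from the question, as an added example that is not part of the original thread. It assumes csf.conf's `KEY = "value"` line format, that `LF_BOGON` unset or "0" means bogon blocking is off, and that `LF_BOGON_SKIP` takes a comma-separated NIC list; the helper names `csf_get` and `bogon_filtered_ifaces` are hypothetical.

```shell
#!/bin/sh
# Added example: report which NICs CSF's bogon rules would cover.
# Assumptions: csf.conf uses KEY = "value" lines, LF_BOGON unset or "0"
# means bogon blocking is off, LF_BOGON_SKIP is a comma-separated NIC list.

# Print the value of one csf.conf setting (last assignment wins).
csf_get() {  # usage: csf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" |
        tail -n 1
}

# Print each listed NIC that is NOT exempted from bogon blocking.
bogon_filtered_ifaces() {  # usage: bogon_filtered_ifaces FILE NIC...
    cfg=$1; shift
    case $(csf_get "$cfg" LF_BOGON) in
        ''|0) return 0 ;;              # feature disabled: nothing is filtered
    esac
    # Wrap the list in commas so each NIC name matches as a whole token.
    skip=",$(csf_get "$cfg" LF_BOGON_SKIP | tr -d '[:space:]'),"
    for nic in "$@"; do
        case $skip in
            *",$nic,"*) ;;             # exempted via LF_BOGON_SKIP
            *) printf '%s\n' "$nic" ;;
        esac
    done
}

# Constructed sample for the setup in the question: eth0 public,
# eth1 and eth2 carrying 10.0.0.0/8 addresses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LF_BOGON = "1"
LF_BOGON_SKIP = "eth1,eth2"
EOF
bogon_filtered_ifaces "$sample" eth0 eth1 eth2   # prints: eth0
rm -f "$sample"
```

On a real host, pass /etc/csf/csf.conf and the machine's NIC names, and confirm the public interface is in the output before relying on the skip list.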