Hello, we are using lots of NAT in 10.0.0.0/8 for our servers. Is there a possibility to add bogon network blocking to only some interfaces?
Like we have a public IP on eth0, but on eth1 and eth2 we have 10.0.0.0/8 addresses. On eth0 we want bogon network blocking.
Greetings from Holland and many thanks.
bogon blocking only on some interfaces
Re: bogon blocking only on some interfaces
As a noob, I bet this is not possible in CSF, unless you whitelist bogons in csf.ignore (in csf.allow too?) and then manually block them in iptables for a certain interface:
IN:
# inbound on eth0: match the incoming interface (-i) and the source address
iptables -A INPUT -i eth0 -s BOGONIP -j DROP
OUT:
# outbound on eth0: the OUTPUT chain only accepts the outgoing interface (-o), not -i
iptables -A OUTPUT -o eth0 -s BOGONIP -j DROP
I am probably wrong.
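A worked version of the manual per-interface approach from the post above, added here as an example; it is not code from the thread or from CSF. It assumes eth0 is the public interface (WAN_IF) and uses a constructed list of IANA special-use IPv4 ranges in place of a real bogon feed. The drops live in their own chain, hooked from INPUT with -i and from OUTPUT with -o, and match both source and destination so that spoofed ingress and leaked private-source egress are caught. Because 10.0.0.0/8 is in the list, the hook must be tied to eth0 only, otherwise eth1 and eth2 traffic would be dropped too.

```shell
#!/bin/sh
# Added example, not code from the original thread or from CSF.
# Blocks bogon addresses only on the public interface (WAN_IF, assumed eth0),
# leaving eth1/eth2 and their 10.0.0.0/8 traffic alone.
set -eu

IPT=${IPT:-iptables}     # set IPT=echo to print the commands instead of running them
WAN_IF=${WAN_IF:-eth0}   # assumption: the interface carrying the public IP

# Constructed list of private/special-use IPv4 ranges (RFC 1918, RFC 6890 and
# friends). A production setup should pull a maintained bogon list and refresh it.
BOGONS="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15
198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4"

# Chain name derived from the interface, e.g. eth0 -> BOGON_ETH0
chain_name() {
    printf 'BOGON_%s\n' "$(printf '%s' "$1" | tr 'a-z' 'A-Z')"
}

# Print (not apply) the iptables commands for one interface: a dedicated chain
# holding the drops, hooked once from INPUT (ingress, -i) and once from OUTPUT
# (egress, -o). -i is only valid on INPUT/FORWARD, so OUTPUT must use -o.
render_bogon_rules() {
    ifc=$1
    chain=$(chain_name "$ifc")
    echo "$IPT -N $chain"
    for net in $BOGONS; do
        echo "$IPT -A $chain -s $net -j DROP"   # spoofed/leaked source
        echo "$IPT -A $chain -d $net -j DROP"   # misrouted destination
    done
    # -I ... 1 puts the check in front of everything else in INPUT/OUTPUT
    echo "$IPT -I INPUT 1 -i $ifc -j $chain"
    echo "$IPT -I OUTPUT 1 -o $ifc -j $chain"
}

# Number of commands rendered: 1 chain create + 2 per range + 2 hooks
render_count() {
    render_bogon_rules "$1" | wc -l | tr -d ' '
}

# Apply: remove any previous copy of the chain first so the script is
# idempotent, then run the rendered commands.
apply_bogon_rules() {
    ifc=$1
    chain=$(chain_name "$ifc")
    $IPT -D INPUT -i "$ifc" -j "$chain" 2>/dev/null || true
    $IPT -D OUTPUT -o "$ifc" -j "$chain" 2>/dev/null || true
    $IPT -F "$chain" 2>/dev/null || true
    $IPT -X "$chain" 2>/dev/null || true
    render_bogon_rules "$ifc" | sh -e
}

# Only apply when invoked as "bogon.sh apply"; otherwise just define the functions.
if [ "${1:-}" = "apply" ]; then
    apply_bogon_rules "$WAN_IF"
fi
```

Preview with `IPT=echo sh bogon.sh apply` before running it for real. CSF flushes and rebuilds the iptables rules on every `csf -r`, so to keep these rules they need to be re-applied from CSF's post-load hook (/etc/csf/csfpost.sh) rather than added once by hand. If the host also forwards packets for the NAT'd 10.0.0.0/8 machines, the same chain should additionally be hooked from FORWARD with `-i eth0`, since INPUT only sees packets addressed to the host itself.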
Re: bogon blocking only on some interfaces
CSF already supports this. Look at LF_BOGON_SKIP in /etc/csf/csf.conf.