  #1  
2003-12-11, 14:11 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
block IP with WHM?

Maybe I am blind, but is there a place to enter IPs that you don't want to connect to your server globally using WHM? I know you can do this on a per-DOMAIN basis in Cpanel, but I wondered if there was a global place within WHM?
__________________
I am MrPLC.com
  #2  
2003-12-11, 14:33 PM
QT
Just your average geek-girl.
Join Date: 2003 Jul
Location: San Antonio, Tx
Posts: 4,752
Looking over the WHM docs here:

http://www.cpanel.net/docs/whm/index.html

"Refer to How do I use WebHost Manager"

I'm not seeing anyplace that would allow that (of course, I could be blind too).

You could also use iptables (as root):

iptables -I INPUT -s "IP TO BLOCK" -j DROP
__________________
Charnell Lucich
Community Evangelist

ServerBeach | By Geeks, For Geeks

Twitter: @CharnellLucich
  #3  
2003-12-28, 20:07 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Huh...

When I try and do a:

iptables -L

to LIST out, BASH replies with a command not found. How can that be?

I am SU'd into my server.

I also got a bash command not found when I tried to add the IP address like you say QT. I read this page too:

http://www.netadmintools.com/part216.html
  #4  
2003-12-28, 20:10 PM
QT
Just your average geek-girl.
Join Date: 2003 Jul
Location: San Antonio, Tx
Posts: 4,752
Quote:
Originally posted by chakorules
Huh...

When I try and do a:

iptables -L

to LIST out, BASH replies with a command not found. How can that be?

I am SU'd into my server.

I also got a bash command not found when I tried to add the IP address like you say QT. I read this page too:

http://www.netadmintools.com/part216.html

Did you try it as root or log in as root properly?

Remember when you su to root, you use su -.
  #5  
2003-12-28, 20:12 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
I forgot the DASH...shoot...thanks QT
  #6  
2003-12-28, 20:14 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Can I do a wildcard? Is that legal?

Like:

iptables -I INPUT -s "55.55.55.*" -j DROP

or do I have to do it like this:

iptables -I INPUT -s "55.55.55." -j DROP
  #7  
2003-12-28, 20:19 PM
QT
Just your average geek-girl.
Join Date: 2003 Jul
Location: San Antonio, Tx
Posts: 4,752
If you want to block the entire Class C then you'd do it like this:

iptables -I INPUT -s 55.55.55.0/24 -j DROP

You cannot use a * or ? wildcard with iptables. Only an IP address and netmask (/24 is the netmask for a Class C).
  #8  
2003-12-28, 20:23 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Great, thanks QT.

I also found a document that I can do a range like this:

iptables -I INPUT -s 55.55.55.1:55.55.55.100 -j DROP

does that look correct to you?
  #9  
2003-12-28, 20:26 PM
QT
Just your average geek-girl.
Join Date: 2003 Jul
Location: San Antonio, Tx
Posts: 4,752
Quote:
Originally posted by chakorules
Great, thanks QT.

I also found a document that I can do a range like this:

iptables -I INPUT -s 55.55.55.1:55.55.55.100 -j DROP

does that look correct to you?

That's correct, yes.

You can do a range, but it doesn't really make sense since IPs are assigned by network and not ranges.
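An added example, not code from the thread: iptables' `-s` option takes an address or an address/mask, so this sketch turns blocklist entries (single IP, CIDR, or a start-end range like the one asked about above) into CIDR-based DROP commands and rejects wildcard or partial addresses. The function names and the `keep_reachable` safety parameter are hypothetical, chosen for this illustration.

```python
import ipaddress


def to_networks(spec):
    """Parse one blocklist entry into IPv4 networks.

    Accepts ADDRESS, ADDRESS/MASK, or a START-END / START:END range.
    Wildcards and partial addresses raise ValueError instead of being guessed.
    """
    spec = spec.strip()
    if "*" in spec or "?" in spec:
        raise ValueError(f"wildcard not allowed in source match: {spec!r}")
    for sep in ("-", ":"):
        if sep in spec:
            lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split(sep, 1))
            if lo > hi:
                raise ValueError(f"range start is above range end: {spec!r}")
            # Smallest set of CIDR blocks that covers exactly lo..hi.
            return list(ipaddress.summarize_address_range(lo, hi))
    # strict=False masks off host bits, so 55.55.55.7/24 becomes 55.55.55.0/24.
    return [ipaddress.IPv4Network(spec, strict=False)]


def drop_rules(specs, keep_reachable=()):
    """Return one iptables command per network after merging overlaps.

    keep_reachable: addresses (for example your own admin IP) that must never
    fall inside a DROP rule; a hypothetical safety parameter for this example.
    """
    nets = [n for s in specs for n in to_networks(s)]
    merged = list(ipaddress.collapse_addresses(nets))
    for addr in map(ipaddress.IPv4Address, keep_reachable):
        for net in merged:
            if addr in net:
                raise ValueError(f"{net} would block protected address {addr}")
    return [f"iptables -I INPUT -s {net} -j DROP" for net in merged]


if __name__ == "__main__":
    # Constructed sample entries, using the thread's 55.55.55.x addresses.
    for line in drop_rules(["55.55.55.1:55.55.55.100", "55.55.55.50"]):
        print(line)
```

Where the iprange match is available, the same range can also be written as a single rule: `iptables -I INPUT -m iprange --src-range 55.55.55.1-55.55.55.100 -j DROP`.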
  #10  
2003-12-28, 20:37 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Yeah, that seems dumb, you're right.

I like doing the whole Class C block.

I got a spammer that must be on dialup. So I am blocking all 254 possibilities of his dialup ISP... ;-) I think most dialup ISPs are allowed a Class C.

Might be harsh, but what else can you do...hate being mr meany pants....
  #11  
2003-12-28, 20:40 PM
knightfoo
Code Ninja
Join Date: 2003 Jul
Location: San Antonio, TX
Posts: 2,568
Most dialup providers lease their POPs from companies like ATT, C&W, Qwest, UUNet, etc., so they can be sitting on a Class A (/8) netblock. Depending on their area and how many customers they have in a specific area, they may have dozens of Class C blocks assigned to a specific dialup bank. My SBC DSL account hops between 3-4 different Class A networks whenever I disconnect and reconnect.

-knightfoo
__________________
I am not a ServerBeach employee, but I used to play one at work.
Real admins run Debian!
Recursive; adj. See Recursive
  #12  
2003-12-28, 20:43 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Great...thanks a lot Knightfoo for BURSTING my bubble.....

it's good to know this information.

This spammer has tried four times and SO FAR, he is in one Class C..I hope it stays that way...
  #13  
2004-01-07, 22:59 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Uh....just a quick adder here...

CPanel clears the IPTABLES by default (INPUT) ones... every day.

If you want iptables to remember your INPUT chains, you have to do a:

iptables -save

then tomorrow, those IP addresses you entered will still be there.
  #14  
2004-01-13, 20:43 PM
WestBendWeb
Registered User
Join Date: 2003 Oct
Posts: 199
Thanks for this thread.. just had to block about 200 proxies that were being used to harass an MT blogging site on my box.

However, I don't see in the help for iptables anything to do with the command -save
I tried it on my box (RH) and it didn't like that command either...

thanks to you both
__________________
www.WestBendWeb.com
www.Blogs-About.com
  #15  
2004-01-16, 16:36 PM
chakorules
Registered User
Join Date: 2003 Jul
Location: Indiana, USA
Posts: 235
Actually.

it's

# iptables-save

no space.

sorry about that.
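A check for the situation described in the last few posts, where INPUT rules disappear after a daily reset (an added example, not code from the thread): `iptables-save` prints the current ruleset to standard output, so this sketch reads text in that format and reports which intended blocks are no longer dropped by INPUT. The function names, the sample ruleset, and the blocklist entries are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the format iptables-save prints (not real output).
SAMPLE = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 55.55.55.0/255.255.255.0 -j DROP
-A INPUT -s 55.55.66.7 -p tcp -m tcp --dport 25 -j DROP
COMMIT
"""


def dropped_sources(ruleset_text, chain="INPUT"):
    """Networks that `chain` in the filter table drops unconditionally."""
    table, found = None, set()
    for line in map(str.strip, ruleset_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]          # "*filter", "*nat", ... start a table
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            # Exact shape only: -A CHAIN -s SRC -j DROP. Rules with extra
            # matches (port, protocol, negation) do not block all traffic.
            if len(tok) == 6 and tok[1] == chain and tok[2] == "-s" \
                    and tok[4:] == ["-j", "DROP"]:
                found.add(ipaddress.IPv4Network(tok[3], strict=False))
    return found


def missing_blocks(expected, ruleset_text):
    """Entries from `expected` that no DROP rule in the ruleset covers."""
    have = dropped_sources(ruleset_text)
    missing = []
    for entry in expected:
        want = ipaddress.IPv4Network(entry, strict=False)
        if not any(want.subnet_of(net) for net in have):
            missing.append(str(want))
    return missing


if __name__ == "__main__":
    # Hypothetical blocklist the admin intends to keep in place.
    print(missing_blocks(["55.55.55.9", "55.55.66.7"], SAMPLE))
```

To keep a ruleset across resets, the output has to be redirected to a file (for example `iptables-save > blocklist.rules`, a hypothetical file name) and loaded back with `iptables-restore`.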