I am trying to do my homework so as not to be such a beggar, but still the GUI for the IP tables is mysterious.
GOAL: block a range of IP addresses from any access to the server on any port.
WHY: I'm looking at access logs and we have a known Russian spam network range of 188.143.232.000-220.127.116.11, posting spam comments to our WordPress at the rate of 1 a minute. I believe the WP module AKISMET is handling these, but I would like to have the expertise to add REJECTs to the IpTables when I do see this happening. I'm trying to pay better attention to the logs...
SO: I assume in the IP Tables GUI we start by
Rule Comment: Block Russian Cialis/Viagra pushers
Action to take: "REJECT"
ICMP Type: ICMP-Host-prohibited (would default work?)
Then we have the long "conditions" section of the form
Source address or network: Is this where I enter an IP? Can I enter a range?
Then the rest of these which are marked as "ignore" ... I am not sure what can or cannot be ignored.
If you could put tooltips on that form, that would help.
Bottom line: what is the simplest entry(s) I need to make to block 1 IP or a range of IPs from access to any port?
If you have the time and are feeling very generous, then you might add comments after each of the following form labels:
Destination address or network
Incoming interface
Outgoing interface
Fragmentation
Network protocol
Source TCP or UDP port
Destination TCP or UDP port
Source and destination port(s)
TCP flags set
TCP option number is set
ICMP packet type
Ethernet address
Packet flow rate
Packet burst rate
Connection states
Type of service
Additional IPtables modules
Additional parameters
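
The kind of rule asked about above, as an added example that is not part of the original post: a POSIX shell helper that prints (does not apply) the command-line `iptables` rule rejecting all traffic from a single address, a CIDR network, or a first-last range. The helper names `valid_ipv4` and `block_rule` are hypothetical, and the sample addresses are constructed from the 198.51.100.0/24 documentation range.

```shell
#!/bin/sh
# Added example: print (not apply) an iptables rule that rejects all traffic
# from one IPv4 address, a CIDR network, or a first-last address range.
# valid_ipv4 and block_rule are hypothetical helper names.

valid_ipv4() {
    # Only digits and dots, no empty fields.
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

block_rule() {
    src=$1
    case "$src" in
        *-*)    # range: needs the iprange match module
            first=${src%%-*}; last=${src#*-}
            valid_ipv4 "$first" && valid_ipv4 "$last" || return 1
            match="-m iprange --src-range $first-$last" ;;
        */*)    # CIDR network, e.g. a.b.c.0/24
            prefix=${src#*/}
            valid_ipv4 "${src%%/*}" || return 1
            case "$prefix" in ""|*[!0-9]*) return 1 ;; esac
            [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
            match="-s $src" ;;
        *)      # single address
            valid_ipv4 "$src" || return 1
            match="-s $src" ;;
    esac
    # No -p / --dport given, so the rule covers every protocol and port.
    # -I INPUT puts it ahead of existing ACCEPT rules for traffic to this host.
    echo "iptables -I INPUT $match -j REJECT --reject-with icmp-host-prohibited"
}

# Constructed sample inputs from the 198.51.100.0/24 documentation range.
for sample in 198.51.100.7 198.51.100.0/24 198.51.100.0-198.51.100.255; do
    block_rule "$sample"
done
```

The printed command has to be run as root to take effect.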