[BlueOnyx:11896] Re: Need to remove a rejected IP
George F. Nemeyer
tigerwolf at tigerden.com
Thu Jan 3 19:06:26 -05 2013
On Thu, 3 Jan 2013, Richard Barker wrote:
> I used this command to block an attacker
> route add -net x.x.x.x netmask 255.255.255.255 reject
>
> if I do a netstat -nrl I get this
> x.x.x.x - 255.255.255.255 !H - - - -
>
> How do I get it removed ?
I've found different versions of route are terribly picky about syntax,
in particular, some demand the netmask portion, and some don't.
Try:
route del -net x.x.x.x netmask 255.255.255.255
and
route add -net x.x.x.x
Your particular 'man route' man page may provide some clues.
If you don't want to reboot, you could take the interface down and bring
it back up, though clearly you *DON'T* want to do this unless you have a
console or alternate method of getting into and controlling the box as
you could get locked out if things don't behave as they should.
Try:
service network restart
That should restart the network with the box's 'default' network settings
and any manually entered, but otherwise unsaved routes should go away.
In general, iptables should be used to block attacks rather than adding
null routes:
iptables -A INPUT -s <sourceIP(/netmask)> -j DROP   # -A adds rule
iptables -D INPUT -s <sourceIP(/netmask)> -j DROP   # -D deletes rule
Check man iptables for help on that.
=^_^= Tigerwolf
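
An added example, not part of the original post: a small shell helper that reads `netstat -nr` output, picks out the reject routes (a `!` in the Flags column, as in the line quoted in the question) and prints a `route del` command for each in the form suggested in the reply, so they can be reviewed before anything is run. The function names, the sample table (documentation addresses) and the optional trailing-word argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list reject routes and print (not run) matching delete commands.

# Constructed sample in the column layout of the line quoted in the question:
# Destination Gateway Genmask Flags MSS Window irtt Iface
sample_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
203.0.113.7     -               255.255.255.255 !H      -   -       -    -
198.51.100.0    -               255.255.255.0   !       -   -       -    -
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
EOF
}

# Read a routing table on stdin and print "destination netmask" for every
# row whose Flags column (4th field) contains '!', the reject marker.
# Header lines are skipped because their first field is not a dotted quad.
list_reject_routes() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && index($4, "!") { print $1, $3 }'
}

# Turn "destination netmask" pairs into delete commands for review.
# $1 (optional, hypothetical knob): extra trailing words for route versions
# that want the delete to mirror the original add, e.g. "reject".
emit_del_commands() {
    extra=${1:-}
    while read -r dest mask; do
        printf 'route del -net %s netmask %s%s\n' "$dest" "$mask" "${extra:+ $extra}"
    done
}

# Demo on the constructed table. On a live box the pipeline would be:
#   netstat -nr | list_reject_routes | emit_del_commands
sample_table | list_reject_routes | emit_del_commands
```
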