Monday, July 27, 2020

Blackhole Traffic in Linux




A few times, I had this issue with some client connected to one of our servers that was filling up the disk space with some garbage.

At that point (customer or not), I needed to block their IP from connecting. There are many ways of doing that (IPTABLES, SELinux, etc.). There is also a way of doing that by rejecting their IP using the routing table in Linux.

In this example I will use my two Raspberry Pi computers. The first one, 192.168.0.253 (clu), will block the second one, 192.168.0.254 (tron).

Method 1

pi@clu $ sudo route add 192.168.0.254 gw 127.0.0.1
pi@clu $

This command produces the following routing table entry:


pi@clu $ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.254   127.0.0.1       255.255.255.255 UGH       0 0          0 lo
pi@clu $

Removal is the same command with 'del' instead of 'add'.

pi@clu $ sudo route del 192.168.0.254 gw 127.0.0.1
pi@clu $

Method 2
Another way of accomplishing the same task is the following route table change:

pi@clu $ sudo route add -host 192.168.0.254 reject
pi@clu $ 

It creates the following route table entry:

pi@clu $ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.254   -               255.255.255.255 !H        - -          - -
pi@clu $

In a similar way, we can use the keywords '-net 192.168.0.0 netmask 255.255.255.0 reject'. This will stop the whole network from entering our server.

Again, in order to remove it, run the following:

pi@clu $ sudo route del -host 192.168.0.254 reject
pi@clu $ 

Method 3

Finally, another quick method is to use the keyword 'blackhole'.

pi@clu $ sudo ip route add blackhole 192.168.0.254/32
pi@clu $

This will create the following entry in the routing table:

pi@clu $ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.254   0.0.0.0         255.255.255.255 UH        0 0          0 *
pi@clu $

To remove this entry, type:

pi@clu $ sudo ip route del blackhole 192.168.0.254/32
pi@clu $
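
To audit which destinations are currently blocked by any of the three methods, the `netstat -nr` output can be filtered on the markers visible in the tables above: a 127.0.0.1 gateway on lo, the '!' flag, and '*' as the interface. This is an added example, not part of the original post; the function names blocked_routes and sample_table and the sample table itself are constructed for illustration.

```shell
#!/bin/sh
# Added example: list destinations blocked through the routing table.
# Live use (assumes net-tools is installed):  netstat -nr | blocked_routes

# Reads `netstat -nr` output on stdin, prints "dest/mask method" per match.
blocked_routes() {
    awk '
        # Skip the header lines and anything that is not a route row.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            dest = $1; gw = $2; mask = $3; flags = $4; iface = $NF
            how = ""
            if (index(flags, "!"))                    how = "reject"       # Method 2
            else if (gw ~ /^127\./ && iface == "lo")  how = "loopback-gw"  # Method 1
            else if (iface == "*")                    how = "blackhole"    # Method 3
            if (how != "") printf "%s/%s %s\n", dest, mask, how
        }
    '
}

# Constructed sample in the format shown above: two normal routes, one entry
# per method, and a whole-network reject. The .250/.251 hosts and the
# 10.9.8.0 network are made-up values.
sample_table() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.254   127.0.0.1       255.255.255.255 UGH       0 0          0 lo
192.168.0.250   -               255.255.255.255 !H        - -          - -
192.168.0.251   0.0.0.0         255.255.255.255 UH        0 0          0 *
10.9.8.0        -               255.255.255.0   !         - -          - -
EOF
}

# Stand-alone run: show what the filter reports for the sample table.
sample_table | blocked_routes
```

None of these routes survive a reboot, so a periodic run of this filter also shows when a block has silently disappeared.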


