Linux Knowledge

08/16/2009

Null routes in Linux

A null route basically specifies the network service of linux to redirect all traffic from an specific host to a 'pit hole', 'black hole' or to be more accurate NULL.

Why is this useful?

Basically its a fast way to block a host or network from your box, all traffic from the host will be pretty much sent to the garbage immediately.

How to do it?

This is done by adding the following line to the /etc/sysconfig/static-routes file:

any host 111.111.111.111 reject

(being 111.111.111.111 the ip address to block)

After you add all the ip addresses or networks you want to block, simply restart your network services and the new null route will be added.

When you perform a "route -n" command you will see this IP with "-" as it's gateway. This will cause your server to drop all response traffic to this IP.

Destination Gateway Genmask Flags Metric Ref Use Iface
111.111.111.111 - 255.255.255.255 !H 0 - 0 -

If you wish to un-blacklist this IP in the future simply remove the aforementioned line from the static-routes file and restart the "network" service on the server.

As a webhosting provider in Costa Rica, i've used this simple tweak many many times on our servers for certain unwanted traffic. Hope you find it as useful as I did.

Felipe

Posted by Felipe Cruz Ferrero on 08/16/2009 at 09:04 AM in Linux Knowledge | | Comments (0) | TrackBack (0)

Technorati Tags:

|