Results 1 to 6 of 6
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Jul 2012
Looking for information on iptables
# iptables -A INPUT -s 188.8.131.52 -j DROP # /sbin/service iptables save
2. Would it ruin my current iptables configuration, I used the basic firewall application on the system to allow HTTP(80) and SSH(22) on my computer already.
Thanks in advance for the help. Still unsure about how these chains work and if I should make a configuration script to do this, something like.
#!/bin/bash # # iptables example configuration script # # Flush all current rules from iptables # iptables -F # # Allow SSH connections on tcp port 22 # This is essential when working on remote servers via SSH to prevent locking yourself out of the system # iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow HTTP for Apache iptables -A INPUT -p tcp --dport 80 -j ACCEPT # #Drop The Spammy Hacker iptables -A INPUT -s 184.108.40.206 -j DROP # Set default policies for INPUT, FORWARD and OUTPUT chains # iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # # Set access for localhost # iptables -A INPUT -i lo -j ACCEPT # # Accept packets belonging to established and related connections # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # # Save settings # /sbin/service iptables save # # List rules # iptables -L -v
- Join Date
- May 2011
The best thing to do is to start with the system provided iptbles configuration in /etc/sysconfig/iptables. If you use the iptables GUI (system-config-firewall, i think), it will create one for you. Then add your iptable rule to drop the IP address as you've shown. The important thing to remember is to only use the iptables GUI initially to set up a working iptables config file. Once you start to modify it, never use the GUI again as it will overwrite your modified config file.
I've never used "service iptables save" before, but after looking at the init script, it appears to just write the file to /etc/sysconfig/iptables, so you should be good using it.
You can always run this command to show the current iptables rules that the kernel is using:
If you have trouble getting the DROP rule to work (test it on a local ip that you can temporarily block), try using an input rule (-I) instead of append rule (-A) .
Typically you have to tell your system to load the firewall rules you saved using iptables-save. This is usually done by adding a line to /etc/rc.local so it runs during startup.
The whole process should go a little something like this:
$ sudo iptables-save > /etc/firewall.rules
/sbin/iptables-restore < /etc/firewall.rules
- Join Date
- May 2011
You don't need to do this in CentOS (RHEL, Fedora, etc.). It is controlled by the initscript (/etc/init.d/iptables and ip6tables). Later (Fedora 15 and later, future RHEL, etc.) it is replaced by the systemd way of doing things. Anyway, the init script reads the /etc/sysconfig/iptables file and starts up the firewall based upon the rules there.
Another thing to remember is the rules are rad from top to bottom. the -A (APPEND) flag will place that rule at the bottom of the chain. So in your case all the rules in the INPUT chain will be matched before the your new rule will be matched as it will be the last rule in the chain.
If you are looking to make sure connections from this IP Address are dropped before anything else then you should use the -I (INCERT) flag and add it as such;
iptables -I 1 INPUT -s 220.127.116.11 -j DROP
The adventure of a life time.
Linux User #296285