  1. #1
    Just Joined!
    Join Date
    Apr 2008
    Posts
    4

    block an ip address from accessing the linux server


    Let's just discuss the security features. I am Arul Kumar, and I have the method given below to block an unwanted IP address. Is there any way to refuse access to the server from the outside world?


    We can block an IP address from accessing the Linux server. This can be done by using APF
    (for information about APF, please refer to the scrap 'Advanced Policy Firewall-APF' in hiox.org).
    Here is the scrap that tells you about
    blocking your Linux server for a specific IP address.


    To block:
    You can do this in two ways:
    * The first is to use the apf command with the following syntax:
    apf -d (or) --deny [IP address]
    e.g.:
    apf -d 198.168.0.12
    * The second way is to manually edit the /etc/apf/deny_hosts.rules configuration file.
    You can specify the IP or domain name in this file.
    For example, to deny the IP address 198.162.0.12 and the domain station1.XXXXX.com, you must specify the following in the /etc/apf/deny_hosts.rules file:
    198.162.0.12
    station1.XXXXX.com


    To allow:
    This can also be done in two ways:
    * The first is to use the apf command with the following syntax:
    apf -a (or) --allow [IP address]
    e.g.:
    apf -a 198.168.0.12
    * The second way is to manually edit the /etc/apf/allow_hosts.rules configuration file.
    You can specify the IP or domain name in this file.
    For example, to allow the IP address 198.162.0.12 and the domain station1.XXXXX.com, you must specify the following in the /etc/apf/allow_hosts.rules file:
    198.162.0.12
    station1.XXXXX.com

    In this file, you can also specify which services are allowed access. The syntax for this is:

    [tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP

    As an example, to allow the IP address 192.168.0.12 to access the port 22 service of the Linux server, you can specify the following:
    tcp:in:d=22:s=192.168.0.12
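
A pre-check for entries before they are added to /etc/apf/deny_hosts.rules or /etc/apf/allow_hosts.rules, as an added example that is not part of the original posts and is not APF's own code. It accepts only the three entry forms shown in post #1 (plain IPv4 address, host name, four-field rule); the function names and the sample entries are assumptions made for this example.

```shell
# Added example: lint entries meant for APF's deny_hosts.rules / allow_hosts.rules.
# Function names are hypothetical; only the entry forms shown in post #1 are accepted.

valid_ipv4() {   # dotted quad, each octet 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $(echo "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {   # 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_hostname() {   # letters, digits, '-' and '.', with at least one letter
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|*..*|.*|*.|-*|*-) return 1 ;;
        *[A-Za-z]*) return 0 ;;
    esac
    return 1
}

# Prints ip, host, rule or invalid; returns non-zero for invalid.
classify_apf_entry() {
    entry=$1
    if valid_ipv4 "$entry"; then echo ip; return 0; fi
    case "$entry" in
        *:*:*:*:*) ;;                          # too many fields
        *:*:*:*)                               # proto:flow:[s=/d=]PORT:[s=/d=]IP
            proto=${entry%%:*}; rest=${entry#*:}
            flow=${rest%%:*};   rest=${rest#*:}
            port=${rest%%:*};   addr=${rest#*:}
            case "$proto:$flow" in tcp:in|tcp:out|udp:in|udp:out) ;; *) echo invalid; return 1 ;; esac
            case "$port" in [sd]=*) ;; *) echo invalid; return 1 ;; esac
            case "$addr" in [sd]=*) ;; *) echo invalid; return 1 ;; esac
            if valid_port "${port#?=}" && valid_ipv4 "${addr#?=}"; then echo rule; return 0; fi ;;
        *) if valid_hostname "$entry"; then echo host; return 0; fi ;;
    esac
    echo invalid; return 1
}

# Constructed sample entries; the last two contain deliberate mistakes.
for line in 198.168.0.12 station1.XXXXX.com tcp:in:d=22:s=192.168.0.12 \
            198.168.0.300 tcp:in:d=70000:s=192.168.0.12; do
    printf '%-30s %s\n' "$line" "$(classify_apf_entry "$line")"
done
```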

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    You can use Webmin (web-based system admin) and set up iptables; very straightforward. Couldn't you also just use /etc/hosts.allow and /etc/hosts.deny?

  3. #3
    Just Joined!
    Join Date
    Apr 2008
    Posts
    4

    Thank you...
    I can try with your idea...
    By creating an IP table, can we block the bunch of IP addresses that we don't want to access our premises... right?

  5. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Originally posted by varul:

    Thank you...
    I can try with your idea...
    By creating an IP table, can we block the bunch of IP addresses that we don't want to access our premises... right?

    Yes, iptables is very powerful. Most Linux firewalls are just GUIs for iptables.
