LinuxQuestions.org
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 12-21-2004, 09:49 AM   #1
thinksincode
LQ Newbie
 
Registered: Nov 2004
Location: Massachusetts, USA
Distribution: Fedora
Posts: 27

Rep: Reputation: 15
Blocking certain IPs with iptables - what am I doing wrong?


Hi all,

I'm trying to block an address/range of addresses from connecting to my server - web, SSH, whatever. So I tried creating an iptables rule. To test it, I first blocked access from another machine I can log in to. But after adding the rule, I can still connect from that machine. Is there anything wrong with this rule?

Code:
# ${INET_IP} is the server's public address (the original post had $(INET_IP),
# which the shell would treat as a command substitution, not a variable)
iptables -A INPUT -p tcp -d ${INET_IP} -s 129.63.8.2 -j DROP

I would assume that by omitting the --dport argument it would block all ports?
 
Old 12-21-2004, 10:00 AM   #2
Butt-Ugly
Member
 
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
You may already have a rule that accepts this IP; chains are processed in the order that their rules appear.

Try something simple to start with.
Code:
iptables -I INPUT -s 129.63.8.2 -j DROP
This is (-I) inserted as the first rule in the INPUT chain, so it will therefore be processed first.

Here are some concepts for beginners: http://www.brennan.id.au/06-Firewall_Concepts.html

Miles.
 
Old 12-21-2004, 10:27 AM   #3
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
iptables applies rules in order. The first rule is applied first, so if the first rule blocks network traffic, everything will be blocked; it doesn't matter what the other rules say.
I prefer DROP as the default policy for the INPUT chain, then open the necessary ports or allow certain networks. This is a good idea, since other possibilities will be blocked by default. It will also be easy to open ports.
Code:
# start from an empty INPUT chain and drop anything no rule accepts
iptables -F INPUT
iptables -P INPUT DROP
# loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# replies to connections this host opened itself (without this, the DROP
# policy also discards the answers to the server's own outbound traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# everything from the local network on the internal interface
iptables -A INPUT -i $local_interface -s $local_net -j ACCEPT
# the public services (multiport lets one rule carry several ports)
iptables -A INPUT -p tcp -m multiport --dports $allowed_port1,$allowed_port2,$allowed_portN -j ACCEPT
Good luck.
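Both replies rest on the same fact: the INPUT chain is walked top to bottom, the first matching rule decides, and the chain policy applies only when nothing matched. The following Python is an added example, not code from the thread and not iptables itself: it models that first-match evaluation on a constructed ruleset so the three situations can be compared side by side (reply #2's appended DROP that never fires because an earlier ACCEPT wins, the same DROP inserted with -I at position 1, and reply #3's default-DROP whitelist). The server address, the local network, the interface names and the "pre-existing ACCEPT for ports 22 and 80" are assumptions made for the illustration; 129.63.8.2 is the address from the thread.

```python
"""Model of iptables first-match evaluation for the INPUT chain.

Added example, not part of the thread and not iptables code: it replays
the semantics the replies describe (rules tried top to bottom, the first
match decides, chain policy applies only when nothing matched) on a
constructed ruleset. Addresses, interfaces and ports are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

SERVER_IP = "198.51.100.10"      # assumed value of the OP's $INET_IP
BLOCKED_HOST = "129.63.8.2"      # the address from the thread
LOCAL_NET = "192.168.1.0/24"     # assumed $local_net on interface eth1


@dataclass
class Packet:
    src: str
    dst: str = SERVER_IP
    proto: str = "tcp"
    dport: Optional[int] = None
    iface: str = "eth0"
    state: str = "NEW"


@dataclass
class Rule:
    """One INPUT rule; None or empty means that match option was not given."""
    target: str                         # -j ACCEPT or -j DROP
    src: Optional[str] = None           # -s address or CIDR
    dst: Optional[str] = None           # -d address
    proto: Optional[str] = None         # -p tcp/udp/...
    dports: Tuple[int, ...] = ()        # --dport or -m multiport --dports
    iface: Optional[str] = None         # -i
    states: Tuple[str, ...] = ()        # -m state --state

    def matches(self, p: Packet) -> bool:
        if self.src and ip_address(p.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst and ip_address(p.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.proto and p.proto != self.proto:
            return False
        if self.dports and p.dport not in self.dports:
            return False
        if self.iface and p.iface != self.iface:
            return False
        if self.states and p.state not in self.states:
            return False
        return True


class Chain:
    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy            # iptables -P INPUT <policy>
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:               # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None: # iptables -I INPUT [pos] ...
        self.rules.insert(pos - 1, rule)

    def verdict(self, p: Packet):
        """Return (target, rule number); the number is None when the policy decided."""
        for n, rule in enumerate(self.rules, 1):
            if rule.matches(p):
                return rule.target, n
        return self.policy, None


def ruleset_with_earlier_accept() -> Chain:
    """Reply #2's diagnosis: an existing ACCEPT sits above the appended DROP."""
    chain = Chain(policy="ACCEPT")
    chain.append(Rule("ACCEPT", proto="tcp", dports=(22, 80)))        # assumed pre-existing rule
    chain.append(Rule("DROP", proto="tcp", dst=SERVER_IP, src=BLOCKED_HOST))  # the OP's -A rule
    return chain


def ruleset_fixed_with_insert() -> Chain:
    """Reply #2's fix: -I puts the DROP at position 1, ahead of the ACCEPT."""
    chain = ruleset_with_earlier_accept()
    chain.insert(Rule("DROP", src=BLOCKED_HOST))
    return chain


def ruleset_default_drop() -> Chain:
    """Reply #3's layout: policy DROP, then explicit ACCEPTs for lo, the LAN and services."""
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", iface="lo"))
    chain.append(Rule("ACCEPT", states=("ESTABLISHED", "RELATED")))
    chain.append(Rule("ACCEPT", iface="eth1", src=LOCAL_NET))
    chain.append(Rule("ACCEPT", proto="tcp", dports=(22, 80)))
    return chain


if __name__ == "__main__":
    ssh_from_blocked = Packet(src=BLOCKED_HOST, dport=22)
    for name, chain in [("appended DROP", ruleset_with_earlier_accept()),
                        ("inserted DROP", ruleset_fixed_with_insert()),
                        ("default DROP", ruleset_default_drop())]:
        print(name, chain.verdict(ssh_from_blocked))
```

Two things the model makes visible. First, the OP's appended DROP is correct as a rule but unreachable behind an earlier ACCEPT, which is why the SSH test still connected; with -I it becomes rule 1 and wins. Second, reply #3's whitelist does not by itself shut out 129.63.8.2 on an allowed port: the host still hits the ACCEPT for port 22, so a host-specific DROP must still be inserted above the service ACCEPTs. On a real box the equivalent check is `iptables -L INPUT -n -v --line-numbers`, which shows each rule's position and its packet counter, so you can see which rule actually matched the test connection rather than guessing.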
 
  

