  1. #1
    Join Date
    Aug 2004
    Posts
    333

    How can I block all traffic to one of the IPs on my server with iptables?

    Does somebody know how I can block ALL traffic to one IP on my server (destination IP) with iptables??

    And how can I remove that IP from the blocking list?

    Thanks.

  2. #2
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    To block an IP use:

    Code:
    /sbin/iptables -A INPUT -s 1.1.1.1 -j REJECT
    To unblock an IP use:

    Code:
    # -D deletes the REJECT rule added above; an ACCEPT appended after it would never be reached
    /sbin/iptables -D INPUT -s 1.1.1.1 -j REJECT
    To unblock all IPs use:

    Code:
    iptables -F
    Thanks,
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  3. #3
    Join Date
    Dec 2002
    Location
    The Shadows
    Posts
    2,913
    Ah.... I wouldn't use -F unless you change your default policies to allow. Might cause some unexpected problems (it blocking everything, for example).
    Dan Sheppard ~ Freelance whatever

  4. #4
    Join Date
    Aug 2004
    Posts
    333
    Great!!

    And one more question, how can I block only one port (80)??

    Thanks.

  5. #5
    iptables -A INPUT -p tcp --destination-port 80 -j REJECT

    will do everything to port 80

    iptables -A INPUT -p tcp -s 1.1.1.1 --destination-port 80 -j REJECT

    would block it for only stuff from 1.1.1.1
    Jonathan
    Hostingplex Support

    http://www.hostingplex.com
    Webhosting, VPS, Dedicateds and more.

  6. #6
    Join Date
    Aug 2004
    Posts
    333
    But this doesn't work. I want to block the DESTINATION IP; I don't want visitors to access that IP on port 80. How can I do that? If I see correctly, this blocks the visitor with IP 1.1.1.1!!???

    Thanks.

  7. #7
    Join Date
    Aug 2004
    Posts
    333
    I think this is what I need:
    iptables -A INPUT -p tcp -d 2.2.2.2 --dport 80 -j REJECT

  8. #8
    Join Date
    Aug 2004
    Posts
    333

    This doesn't want to work :(

    This iptables -A INPUT -p tcp -d 2.2.2.2 --dport 80 -j REJECT

    works fine, but only for a few minutes; something on my server RESETS THIS and allows access to this IP again. What can do that? Why???

    What can AUTO reset my iptables? cPanel?? This is the MAIN/SHARED IP on my server...

  9. #9
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574

    Re: This doesn't want to work :(

    Originally posted by gurika
    This iptables -A INPUT -p tcp -d 2.2.2.2 --dport 80 -j REJECT

    works fine, but only for a few minutes; something on my server RESETS THIS and allows access to this IP again. What can do that? Why???

    What can AUTO reset my iptables? cPanel?? This is the MAIN/SHARED IP on my server...
    I'm not aware of something like that done at short intervals. However, I do know of something that may clear out the iptables rules every 24 hours or so.

    Thanks,

  10. #10
    Try to save your iptables rules, such as:
    iptables-save > /etc/sysconfig/iptables
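
Added example, not part of any post above: a small POSIX shell helper that blocks and unblocks one destination IP and port using the rule from post #7, with `-C` to avoid duplicate rules and `-D` to remove them. The function names and the overridable `IPT` variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). IPT may be overridden, e.g. for testing.
IPT_DEFAULT=/sbin/iptables

# Accept only dotted-quad IPv4 with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The rule from the thread: reject TCP to destination IP $1 on port $2.
rule_spec() {
    echo "INPUT -p tcp -d $1 --dport $2 -j REJECT"
}

# Add the rule only if -C (check) reports it is not already loaded.
block_dest() {
    valid_ipv4 "$1" && valid_port "$2" || { echo "bad IP or port" >&2; return 2; }
    if ${IPT:-$IPT_DEFAULT} -C $(rule_spec "$1" "$2") 2>/dev/null; then
        return 0
    fi
    ${IPT:-$IPT_DEFAULT} -A $(rule_spec "$1" "$2")
}

# Remove the rule with -D, looping to clear duplicates left by repeated -A.
unblock_dest() {
    valid_ipv4 "$1" && valid_port "$2" || { echo "bad IP or port" >&2; return 2; }
    while ${IPT:-$IPT_DEFAULT} -C $(rule_spec "$1" "$2") 2>/dev/null; do
        ${IPT:-$IPT_DEFAULT} -D $(rule_spec "$1" "$2") || return 1
    done
}
```

Run as root, for example `block_dest 2.2.2.2 80`, then save the rules as post #10 suggests so they are still there after the firewall is reloaded.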
