
06-15-2005, 07:02 AM
Web Hosting Guru
Join Date: Aug 2004
Posts: 305
How can I block all traffic to one of the IPs on my server with iptables?
Does somebody know how I can block ALL traffic to one IP on my server (destination IP) with iptables??
And how can I remove that IP from the blocking list?
Thanks.

06-15-2005, 07:53 AM
Performance Specialist
Join Date: Dec 2004
Location: New York, NY
Posts: 10,339
To block an IP use:
Code:
/sbin/iptables -A INPUT -s 1.1.1.1 -j REJECT
To unblock an IP use:
Code:
# Delete the REJECT rule added above; an ACCEPT appended after it would never be reached
/sbin/iptables -D INPUT -s 1.1.1.1 -j REJECT
To unblock all IPs use:
Thanks,
__________________
MediaLayer, LLC - Lightning fast web hosting since 2005. Ask about our new pure SSD storage platform!
›› First and leading provider of LiteSpeed based hosting combined with enterprise grade hardware.
›› Free Account Migrations, Custom Solutions, and Servers in US, EU, and Asia
›› Our Application Hosting plans outperform the typical VPS. Ask us about special offers on yearly plans!

06-15-2005, 08:51 AM
Community Guide
Join Date: Dec 2002
Location: The Shadows
Posts: 2,900
Ah.... I wouldn't use -F unless you change your default policies to allow. Might cause some unexpected problems (it blocking everything, for example).
__________________
Dan Sheppard ~ Freelance whatever

06-15-2005, 09:42 AM
Web Hosting Guru
Join Date: Aug 2004
Posts: 305
Great!!
And one more question, how can I block only one port (80)??
Thanks.

06-15-2005, 10:01 AM
Newbie
Join Date: Apr 2005
Posts: 29
iptables -A INPUT -p tcp --destination-port 80 -j REJECT
will do everything to port 80
iptables -A INPUT -p tcp -s 1.1.1.1 --destination-port 80 -j REJECT
would block it for only stuff from 1.1.1.1

06-15-2005, 11:31 AM
Web Hosting Guru
Join Date: Aug 2004
Posts: 305
But this doesn't work. I want to block the DESTINATION IP; I don't want visitors to access that IP on port 80. How can I do that? If I see it right, this blocks the visitor with IP 1.1.1.1!!???
Thanks.

06-15-2005, 11:51 AM
Web Hosting Guru
Join Date: Aug 2004
Posts: 305
I think this is what I need:
iptables -A INPUT -p tcp -d 2.2.2.2 --dport 80 -j REJECT

06-15-2005, 12:18 PM
Web Hosting Guru
Join Date: Aug 2004
Posts: 305
This iptables -A INPUT -p tcp -d 2.2.2.2 --dport 80 -j REJECT
works fine, but only for a few minutes; something on my server RESETS THIS and allows access to this IP again. What can do that? Why???
What can AUTO reset my iptables? cPanel?? This is the MAIN/SHARED IP on my server...

06-15-2005, 05:03 PM
Performance Specialist
Join Date: Dec 2004
Location: New York, NY
Posts: 10,339
Re: This doesn't want to work :(
Quote:
Originally posted by gurika
This iptables -A INPUT -p tcp -d 2.2.2.2 --dport 80 -j REJECT
works fine, but only for a few minutes; something on my server RESETS THIS and allows access to this IP again. What can do that? Why???
What can AUTO reset my iptables? cPanel?? This is the MAIN/SHARED IP on my server...

I'm not aware of something like that done at short intervals. However, I do know of something that may clear out iptables rules every 24 hours or so.
Thanks,

06-16-2005, 02:52 AM
WHT Addict
Join Date: Mar 2005
Posts: 164
Try to save your iptables rules, such as:
iptables-save > /etc/sysconfig/iptables
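
The commands the thread converges on (match the destination with -d, remove a block by deleting its rule, then save), gathered into one script as an added example that is not from any poster. The function names and the IPT / IPT_SAVE variables are illustrative, and it assumes an iptables version that supports -C (rule check).

```sh
#!/bin/sh
# Added example (not from the thread). IPT and IPT_SAVE are illustrative
# variables: point them at stubs such as "echo" to preview without root.
IPT="${IPT:-/sbin/iptables}"
IPT_SAVE="${IPT_SAVE:-/sbin/iptables-save}"

# One rule spec for add, check and delete, so -D always matches what -I added.
# $1 = destination IP on this server, $2 = TCP port.
rule_spec() {
    printf '%s' "INPUT -p tcp -d $1 --dport $2 -j REJECT"
}

# Block: skip if the rule already exists (-C), otherwise insert it at the top
# (-I). Rules are checked in order and the first match wins, so a rule
# appended with -A can be shadowed by an earlier ACCEPT.
block_dst() {
    # Unquoted on purpose: the spec must split into separate arguments.
    $IPT -C $(rule_spec "$1" "$2") 2>/dev/null || $IPT -I $(rule_spec "$1" "$2")
}

# Unblock: delete the REJECT rule itself. -D removes one copy per call, so
# loop until -C no longer finds it.
unblock_dst() {
    while $IPT -C $(rule_spec "$1" "$2") 2>/dev/null; do
        $IPT -D $(rule_spec "$1" "$2")
    done
}

# Persist the running rule set; the default path is the one from the thread.
persist() {
    $IPT_SAVE > "${1:-/etc/sysconfig/iptables}"
}

# Usage (as root): block_dst 2.2.2.2 80 && persist
#                  unblock_dst 2.2.2.2 80 && persist
```

Because the block uses -d, it affects every visitor to 2.2.2.2 on port 80, whereas the -s form earlier in the thread blocks a single visitor's address.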