Thread: iptables

  1. #1

    iptables

    Good Evening!
    Great community you have here. I have a question for you firewall experts!

    I am attempting to use IPTABLES to block a specific IP address from being called out from a box. What command would I set up?

    The IP is 65.24.22.1

    I basically want all outgoing packets to be dropped and how would I initialize this so it doesn't get cleared from the kernel at every reboot?

    Any help would be greatly appreciated.


    Thanks!

    Marc

  2. #2
    Join Date
    Apr 2002
    Location
    Auckland - New Zealand
    Posts
    1,572
    Have a look here - http://www.linuxguruz.org/iptables/
    Everything that you need can be found there.

  3. #3
    Hello! I reviewed some of the links and I couldn't get this working.

    iptables -L reveals
    [[email protected] /]# iptables -L
    /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
    Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
    /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
    /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
    iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.




    Is there a specific command I can run?

  4. #4
    Join Date
    Apr 2002
    Location
    Auckland - New Zealand
    Posts
    1,572
    You need to disable ipchains first and make sure they don't start at reboot - Depends on your OS - This is for RH 7.3

    type

    ntsysv

    in a shell session - uncheck ipchains and make sure iptables are checked. next reboot only iptables will load.

    Depends on your OS - try

    chkconfig --level 0123456 ipchains off
    rmmod ipchains

    If you get errors then you may need to reboot to get the change to happen.

    Do some searches for disabling ipchains if that doesn't work.

  5. #5
    Hi Steve!
    It worked perfectly and I do not get an error anymore. It's now just a matter of using the right commands

  6. #6
    Join Date
    Jun 2002
    Location
    Silver Spring, Maryland
    Posts
    256
    iptables -A INPUT -s 65.24.22.1 -j DROP

    Edit: I just looked up its PTR record, and it points to dhcp065-024-022-001.columbus.rr.com. DHCP stands for Dynamic Host Control Protocol. Basically, it's a protocol for dynamically assigning IP addresses on a network. Unless RR has some non-standard methods for assigning their addresses, he has a dynamic address and it WILL change. Blocking his current address probably won't do much good. Not to mention that he can just use another computer remotely, and unfortunately it's probably not going to help.

    Why are you blocking him though? There's a good chance there are other, more effective solutions to the problem. Maybe I'll even know one

    Another edit : Just in case anyone here is confused about it, having dhcp in a FQDN doesn't necessarily mean the host it points to uses DHCP, nor does using DHCP add dhcp to a host's name! In this case though, it's a good bet RR is putting it there because they do.
    Last edited by no1v2; 10-22-2002 at 03:23 AM.

  7. #7
    Join Date
    Apr 2002
    Location
    Auckland - New Zealand
    Posts
    1,572
    It's a good idea to build your own firewall with your own rules - Have a look at some of those scripts and choose what you want to block and what you don't - The variables are infinite.

    Temporarily blocking someone is good also - take a look at downloading and installing portsentry - That can be config'd to drop IPs with iptables rules too - as they try to scan you etc they will get blocked - you can flush your iptables whenever suits so that you aren't blocking someone on dhcp etc forever
    Persistent ones that are scanning your ports or just people that you don't want looking at your machine at all can be added to your /etc/hosts.deny or your firewall's blacklist (depending upon which firewall script, if any, you decide to use.)

    Hope that helped some.
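
Added example, not part of any post in the thread: the first post asks to drop outgoing packets to 65.24.22.1 and keep the rule across reboots, so this sketch uses a destination match on the OUTPUT chain, checks a ruleset dump for such a rule, and saves the rules. The path /etc/sysconfig/iptables (the Red Hat location) and all function names are assumptions, and the two ruleset dumps are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Red Hat style system where
# the iptables init script restores /etc/sysconfig/iptables at boot.
BLOCK_IP="65.24.22.1"                 # address from the first post
RULES_FILE="/etc/sysconfig/iptables"  # assumption: Red Hat location

# Rule spec for dropping packets sent TO an address (used on the OUTPUT chain).
outbound_rule() { printf '%s' "-d $1 -j DROP"; }

# Reads iptables-save output on stdin. Succeeds only if the filter table's
# OUTPUT chain drops or rejects packets whose destination is exactly $1.
# Limitation: it does not model rule order (an earlier ACCEPT would win).
blocks_outbound() {
    awk -v ip="$1" '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == "-A" && $2 == "OUTPUT" {
            dst = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if (($i == "-d" || $i == "--destination") && $(i - 1) != "!")
                    dst = $(i + 1)
                if ($i == "-j" || $i == "--jump") tgt = $(i + 1)
            }
            sub(/\/(32|255\.255\.255\.255)$/, "", dst)
            if (dst == ip && (tgt == "DROP" || tgt == "REJECT")) found = 1
        }
        END { exit !found }'
}

# Constructed dump containing only the rule from post #6 (matches incoming).
sample_input_only() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -s 65.24.22.1/32 -j DROP' 'COMMIT'
}

# Constructed dump with a destination match on OUTPUT (matches outgoing).
sample_outbound() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A OUTPUT -d 65.24.22.1/32 -j DROP' 'COMMIT'
}

# Install the rule once and persist it. Needs root; runs only with --apply.
apply_block() {
    iptables-save | blocks_outbound "$1" && return 0
    # Word splitting of the rule spec below is intended.
    iptables -I OUTPUT $(outbound_rule "$1") && iptables-save > "$RULES_FILE"
}

if [ "${1:-}" = "--apply" ]; then apply_block "$BLOCK_IP"; fi
```

Run as root with `--apply` to install and save the rule; without arguments the script only defines the functions, so `iptables-save | blocks_outbound 65.24.22.1` can be used on its own to audit an existing ruleset.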
