  1. #1
    Join Date
    Jun 2008
    Location
    India
    Posts
    261

    Quick IPTables Commands

    List: iptables -L -n | grep <IP Address>

    Remove: iptables -D INPUT -s <IP 1> -d <IP 2> -j DROP

    Insert: iptables -I INPUT -s <IP> -j DROP

    Flush: iptables -F

    Remove: iptables -D OUTPUT -s 0.0.0.0/0 -d 66.93.33.185 -j DROP

    netstat -nap | grep :80 | wc -l (shows # of connections to HTTP)

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n (shows total connections per IP, if more than 100 block)
    Ranjith
    Light travels faster than sound. This is why some people look bright until you actually hear them speak
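
The per-IP connection count from the post above, as an added example that is not any poster's code: it skips the netstat header lines, strips only the port so IPv6 peers are counted correctly, and prints the DROP rules for review instead of running them. The function names, the sample output (documentation address ranges) and the demo limit of 2 are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): per-IP connection counts with a threshold.

# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.7:51003       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:40000      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51004 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::5:41000       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::5:41001       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::5:41002       ESTABLISHED
EOF
}

# over_limit LIMIT: read netstat output on stdin, print "count ip" for every
# remote address with more than LIMIT connections, busiest first.
over_limit() {
    awk -v limit="$1" '
        $1 !~ /^(tcp|udp)/ { next }      # skip the two header lines
        {
            addr = $5                    # Foreign Address, "ip:port"
            sub(/:[^:]*$/, "", addr)     # drop only the port, so IPv6 survives
            sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
            count[addr]++
        }
        END { for (a in count) if (count[a] > limit) print count[a], a }
    ' | sort -rn
}

# block_commands LIMIT: print (do not run) the matching DROP rules for review.
block_commands() {
    over_limit "$1" | while read -r n ip; do
        case "$ip" in
            *:*) echo "ip6tables -I INPUT -s $ip -j DROP" ;;
            *)   echo "iptables -I INPUT -s $ip -j DROP" ;;
        esac
    done
}

# Demo on the sample with a limit of 2; on a live host: netstat -ntu | block_commands 100
sample_netstat | block_commands 2
```

The count includes sockets in every state (TIME_WAIT as well as ESTABLISHED), as the original one-liner does, so a busy legitimate client such as a proxy or NAT gateway can also cross the limit.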

  2. #2
    Join Date
    Mar 2009
    Location
    Israel
    Posts
    1,204
    Hey, you forgot the most important part.

    # iptables-save
    !!!!!!!!!!!!!!!

    These commands are OK, but they load the chains/rules into the RAM memory only and won't hold after a server reboot; you must run the save command in order to keep your settings.

    Thanks for the nice tips, I'm sure it's golden for some people here!
    beast5.com - Managed Hosting Solutions 2004 - 2016

  3. #3
    Join Date
    Jun 2008
    Location
    India
    Posts
    261

    Ahh, forgot that stuff, thanks for reminding
    Ranjith
    Light travels faster than sound. This is why some people look bright until you actually hear them speak

  4. #4
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    What I do...

    I keep a text file with my "config". At the top, it flushes, then reads in all rules, then saves, and prints out to stdout (for my viewing pleasure).

    I simply add offending IPs / networks, re-run the script. Bam.

    Done deal.

    I also have a custom country-ban with certain hack-ish countries blocked as an include file. Has cut down brute forces and dictionaries by about 80%. APNIC is the *worst*. Ugg.
    This is the best signature in the world....Tribute!
    (It is not the best signature in the world, no. This is just a tribute)
