Andy Green wrote:
yonas abraham wrote:
Hi,
I want to block a given IP from accessing my site, which is running
Apache on a fully up-to-date FC3 machine.
I thought I would just put the IP in /etc/hosts.deny and restart the
machine. But it is not working. I can block access to sshd very
simply by adding the IP or sshd: IP and it works fine.
I wouldn't mind blocking every service to that IP in my machine but
preferably only httpd block.
iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
service iptables save
will do what you need. Leave out the --dport 80 to make the guy coming
from 123.123.123.123 unable to touch your box at all in tcp.
But be aware that he may still be able to get to your UDP services.
--
Linux Home Automation Neil Cherry ncherry@xxxxxxxxxxx
http://www.linuxha.com/ Main site
http://linuxha.blogspot.com/ My HA Blog
http://home.comcast.net/~ncherry/ Backup site
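
The three blocking scopes discussed in this thread (HTTP only, all TCP, and every protocol so that UDP services are covered too), as an added example that is not part of the original messages. The function names `valid_ipv4` and `block_rule` and the scope keywords `http`, `tcp` and `all` are hypothetical; the script only prints the commands, so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread): build the DROP rule for one source
# address at a chosen scope. Dry run only: it prints the command to apply.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so that
# nothing but an address can end up on the iptables command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split on dots (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # reject leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rule ADDR [SCOPE]: print the iptables command for the scope.
#   http : TCP port 80 only (the rule given in the thread)
#   tcp  : all TCP (the "leave out --dport 80" variant)
#   all  : every protocol, which also closes the UDP gap noted in the reply
block_rule() {
    addr=$1
    scope=${2:-http}
    valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 2; }
    case "$scope" in
        http) match="-p tcp --dport 80" ;;
        tcp)  match="-p tcp" ;;
        all)  match="" ;;
        *)    echo "unknown scope: $scope" >&2; return 2 ;;
    esac
    # ${match:+ ...} keeps the spacing clean when no protocol match is used.
    echo "iptables -I INPUT${match:+ $match} -s $addr -j DROP"
}

# Demo with the address used in the thread.
block_rule 123.123.123.123 http
block_rule 123.123.123.123 all
echo "service iptables save   # persist the rule, as in the thread"
```
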