On Mon, 2006-01-23 at 12:11 -0500, Neil Cherry wrote:
> Andy Green wrote:
> > yonas abraham wrote:
> >> hi,
> >>
> >> I want to block a given IP from accessing my site, which is running
> >> apache on a fully up-to-date FC3 machine.
> >>
> >> I thought I would just put the IP in /etc/hosts.deny and restart the
> >> machine. But it is not working. I can block access to sshd very
> >> simply by adding the IP or sshd: IP and it works fine.
> >>
> >> I wouldn't mind blocking every service to that IP in my machine but
> >> preferably only httpd block.
> >
> > iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
> > service iptables save
> >
> > will do what you need. Leave out the --dport 80 to make the guy coming
> > from 123.123.123.123 unable to touch your box at all in tcp.
>
> But be aware that he may still be able to get to your UDP services.
>

If you use a line such as

    iptables -I INPUT -s 123.123.123.123 -j DROP

he won't be able to get to ANY services.

> --
> Linux Home Automation Neil Cherry ncherry@xxxxxxxxxxx
> http://www.linuxha.com/ Main site
> http://linuxha.blogspot.com/ My HA Blog
> http://home.comcast.net/~ncherry/ Backup site
>
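Added example, not part of the original thread: a small first-match evaluator that compares the three rule variants discussed above (tcp port 80 only, all tcp, all protocols) and shows which services stay reachable from the blocked address. The rule lines are constructed in iptables-save style, the probe ports 22 and 53 and the ACCEPT chain policy are assumptions, and only the `-s`, `-p`, `--dport` and `-j` matches are modelled.

```python
import ipaddress
import shlex

# Constructed INPUT-chain rules (iptables-save style), one list per variant from the thread.
TCP80_ONLY = ["-A INPUT -s 123.123.123.123 -p tcp --dport 80 -j DROP"]
TCP_ALL = ["-A INPUT -s 123.123.123.123 -p tcp -j DROP"]
ALL_PROTO = ["-A INPUT -s 123.123.123.123 -j DROP"]

OPTIONS = {"-s": "src", "-p": "proto", "--dport": "dport", "-j": "target"}


def parse_rule(line):
    """Extract the matches this sketch understands; other tokens are ignored."""
    tokens = shlex.split(line)
    rule = {"src": None, "proto": None, "dport": None, "target": None}
    for flag, value in zip(tokens, tokens[1:]):
        if flag in OPTIONS:
            rule[OPTIONS[flag]] = value
    return rule


def verdict(rules, src, proto, dport, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides.

    The chain policy (assumed ACCEPT here) applies when nothing matches.
    """
    addr = ipaddress.ip_address(src)
    for rule in map(parse_rule, rules):
        if rule["src"] and addr not in ipaddress.ip_network(rule["src"], strict=False):
            continue
        if rule["proto"] not in (None, "all", proto):
            continue
        if rule["dport"] and rule["dport"] != str(dport):
            continue
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"]
    return policy


def exposure(rules, src):
    """Verdicts for three sample probes: web (tcp/80), ssh (tcp/22), dns (udp/53)."""
    probes = [("tcp", 80), ("tcp", 22), ("udp", 53)]
    return {f"{proto}/{port}": verdict(rules, src, proto, port) for proto, port in probes}


if __name__ == "__main__":
    for name, rules in [("tcp/80 only", TCP80_ONLY), ("all tcp", TCP_ALL), ("all protocols", ALL_PROTO)]:
        print(f"{name:14} {exposure(rules, '123.123.123.123')}")
```

Because the first match wins, a DROP that sits below an existing ACCEPT for port 80 never fires, which is why the commands in the thread use `-I` (insert at the head of the chain) rather than appending.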