yonas abraham:
>>>> I wouldn't mind blocking every service to that IP in my machine but
>>>> preferably only httpd block.

Andy Green:
>>> iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
>>> service iptables save
>>>
>>> will do what you need. Leave out the --dport 80 to make the guy coming
>>> from 123.123.123.123 unable to touch your box at all in tcp.

Neil Cherry:
>> But be aware that he may still be able to get to your UDP services.

A separate udp rule can be set up along the same lines (drop all UDP
traffic from that IP).

Jeff Vian:
> if you use the line such as
> iptables -I INPUT -s 123.123.123.123 -j DROP
> he won't be able to get to ANY services.

Correct, you'd want to make a rule that blocks all but port 80 (i.e. if
not port 80, drop), which is simple enough. Something *like* the
following:

iptables -I INPUT -p tcp -s 123.123.123.123 \! --dport 80 -j DROP

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
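
Added example, not part of the original messages: a small Python model of how the rules discussed in this thread match traffic, run over constructed packets. It parses only `-p`, `-s`, `--dport` and `!`; the negated-port rule is written with `-p tcp`, which iptables requires before `--dport`, and the rule names and the second source address are made up for illustration.

```python
import shlex

# Rules from the thread; the last is the negated-port form written with -p tcp,
# since iptables only accepts --dport after a protocol match.
RULES = {
    "http_only": r"iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP",
    "all_tcp": r"iptables -I INPUT -p tcp -s 123.123.123.123 -j DROP",
    "everything": r"iptables -I INPUT -s 123.123.123.123 -j DROP",
    "not_port_80": r"iptables -I INPUT -p tcp -s 123.123.123.123 \! --dport 80 -j DROP",
}

# Constructed sample packets: (protocol, source address, destination port).
PACKETS = [
    ("tcp", "123.123.123.123", 80),
    ("tcp", "123.123.123.123", 22),
    ("udp", "123.123.123.123", 53),
    ("tcp", "198.51.100.7", 80),
]

def parse_rule(rule):
    """Parse only the options used in this thread: -p, -s, [!] --dport."""
    spec = {"proto": None, "src": None, "dport": None, "negate_dport": False}
    tokens = shlex.split(rule)  # turns the shell-escaped \! into !
    for i, tok in enumerate(tokens):
        if tok == "-p":
            spec["proto"] = tokens[i + 1]
        elif tok == "-s":
            spec["src"] = tokens[i + 1]
        elif tok == "--dport":
            spec["dport"] = int(tokens[i + 1])
            spec["negate_dport"] = i > 0 and tokens[i - 1] == "!"
    return spec

def matches(rule, packet):
    """True if the DROP rule matches; an unmatched packet falls through."""
    spec, (proto, src, dport) = parse_rule(rule), packet
    if spec["proto"] and spec["proto"] != proto:
        return False
    if spec["src"] and spec["src"] != src:
        return False
    if spec["dport"] is not None and (dport == spec["dport"]) == spec["negate_dport"]:
        return False
    return True

def dropped_by(name):
    """Packets from PACKETS that the named rule would drop."""
    return [p for p in PACKETS if matches(RULES[name], p)]

if __name__ == "__main__":
    for name in RULES:
        print(f"{name:12} drops {dropped_by(name)}")
```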