Re: deny http access based on IP on FC3

yonas abraham:
>>>> I wouldn't mind blocking every service to that IP in my machine but
>>>> preferably only httpd block.
 
Andy Green:
>>> iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
>>> service iptables save
>>>
>>> will do what you need.  Leave out the --dport 80 to make the guy coming
>>> from 123.123.123.123 unable to touch your box at all in tcp.
 
Neil Cherry:
>> But be aware that he may still be able to get to your UDP services.

A separate UDP rule can be set up along the same lines (drop all UDP
traffic from that IP).


Jeff Vian:
> if you use the line such as 
>    iptables -I INPUT -s 123.123.123.123 -j DROP
> he won't be able to get to ANY services.

Correct, you'd want to make a rule that blocks all but port 80 (i.e. if
not port 80, drop), which is simple enough.  Something *like* the
following:

iptables -I INPUT -p tcp -s 123.123.123.123 \! --dport 80 -j DROP

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
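
The per-source DROP variants discussed in this thread (port 80 only, all TCP, all UDP, every protocol), as an added example that is not from any of the posters. The function names valid_ipv4 and block_rules are hypothetical; the script only prints each iptables command after validating the address, so nothing changes until the output is run as root.

```shell
#!/bin/sh
# Dry-run generator for the per-source DROP rules discussed in the thread.
# Prints the command instead of running it; persist the result afterwards
# with "service iptables save" as shown earlier in the thread.

# Accept only a dotted quad with four octets in 0..255, so that nothing
# else (spaces, ';', option strings) can end up inside the rule.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    vi_old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$vi_old_ifs
    [ "$#" -eq 4 ] || return 1
    for vi_octet in "$@"; do
        [ "${#vi_octet}" -le 3 ] && [ "$vi_octet" -le 255 ] || return 1
    done
}

# block_rules <ip> <scope>   scope: http | tcp | udp | all
block_rules() {
    br_ip=$1
    br_scope=$2
    valid_ipv4 "$br_ip" || { echo "invalid IPv4 address: $br_ip" >&2; return 2; }
    case "$br_scope" in
        http) br_match="-p tcp --dport 80" ;;  # only the web server
        tcp)  br_match="-p tcp" ;;             # every TCP service
        udp)  br_match="-p udp" ;;             # every UDP service
        all)  br_match="" ;;                   # every protocol
        *) echo "scope must be http, tcp, udp or all" >&2; return 2 ;;
    esac
    # --dport is only valid after -p tcp or -p udp, hence the fixed pairing above.
    echo "iptables -I INPUT${br_match:+ $br_match} -s $br_ip -j DROP"
}

# Demo with the address used in the thread.
for demo_scope in http tcp udp all; do
    block_rules 123.123.123.123 "$demo_scope"
done
```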

