Skip to Main Content
Linux Security Cookbook
book

Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Intermediate to advanced content levelIntermediate to advanced
336 pages
8h 54m
English
O'Reilly Media, Inc.
Content preview from Linux Security Cookbook

2.7. Blocking Access from a Remote Host

Problem

You want to block incoming traffic from a particular host.

Solution

To block all access by that host:

For iptables :

# iptables -A INPUT -s remote_IP_address -j REJECT

For ipchains :

# ipchains -A input -s remote_IP_address -j REJECT

To block requests for one particular service, say, the SMTP mail service:

For iptables :

# iptables -A INPUT -p tcp -s remote_IP_address --dport smtp -j REJECT

For ipchains :

# ipchains -A input -p tcp -s remote_IP_address --dport smtp -j REJECT

To admit some hosts but block all others:

For iptables :

# iptables -A INPUT -s IP_address_1 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT -s IP_address_2 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT -s IP_address_3 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT [-p protocol --dport service] -j REJECT

For ipchains :

# ipchains -A input -s IP_address_1 [-p protocol --dport service] -j ACCEPT
# ipchains -A input -s IP_address_2 [-p protocol --dport service] -j ACCEPT
# ipchains -A input -s IP_address_3 [-p protocol --dport service] -j ACCEPT
# ipchains -A input [-p protocol --dport service] -j REJECT

Discussion

You can also block access at other levels such as TCP-wrappers. [Recipe 3.9][Recipe 3.11]

See Also

iptables(8), ipchains(8).

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux Administration Cookbook

Linux Administration Cookbook

Adam K. Dean

Publisher Resources

ISBN: 0596003919Errata Page