June 2003
336 pages
You want to block incoming traffic from a particular host.

To block all access by that host:

For iptables:

# iptables -A INPUT -s remote_IP_address -j REJECT

For ipchains:

# ipchains -A input -s remote_IP_address -j REJECT

To block requests for one particular service, say, the SMTP mail service:

For iptables:

# iptables -A INPUT -p tcp -s remote_IP_address --dport smtp -j REJECT

For ipchains:

# ipchains -A input -p tcp -s remote_IP_address --dport smtp -j REJECT

To admit some hosts but block all others:

For iptables:

# iptables -A INPUT -s IP_address_1 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT -s IP_address_2 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT -s IP_address_3 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT [-p protocol --dport service] -j REJECT

For ipchains:

# ipchains -A input -s IP_address_1 [-p protocol --dport service] -j ACCEPT
# ipchains -A input -s IP_address_2 [-p protocol --dport service] -j ACCEPT
# ipchains -A input -s IP_address_3 [-p protocol --dport service] -j ACCEPT
# ipchains -A input [-p protocol --dport service] -j REJECT
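The admit-some-hosts rule set above depends on every ACCEPT rule being appended before the final REJECT. The following sketch is an added example, not part of the original recipe: it validates each address and prints the iptables commands for review instead of running them. The function names and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example: print (not run) the allowlist rules from the recipe.
# Function names and sample addresses are assumptions, not from the book.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# allowlist_rules PROTO SERVICE ADDR...: print one ACCEPT rule per address,
# then the catch-all REJECT. Prints no rules and fails if any address is
# malformed, so a typo never yields a partial rule set.
allowlist_rules() {
    [ "$#" -ge 3 ] || return 1
    proto=$1 service=$2
    shift 2
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for addr in "$@"; do
        echo "iptables -A INPUT -s $addr -p $proto --dport $service -j ACCEPT"
    done
    # -A appends to the chain, so this REJECT is reached only by packets
    # that matched none of the ACCEPT rules printed before it.
    echo "iptables -A INPUT -p $proto --dport $service -j REJECT"
}

# Constructed sample input (documentation-range addresses).
allowlist_rules tcp smtp 192.0.2.10 192.0.2.11 198.51.100.7
```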
You can also block access at other levels such as TCP-wrappers. [Recipe 3.9][Recipe 3.11]
iptables(8), ipchains(8).