iptables blocking all ips except US & US Amazon. Can't log dropped IPs.
Couple of problems with your post: you seem to miss common rules with respect to state and devices (loopback), your rules do not seem to have a logical order, and you're trying to -j DROP stuff even while you have a DROP ingress policy. That can be easily remedied by reading http://www.frozentux.net/documents/iptables-tutorial/. You also posted a seemingly incomplete rule set: best just run 'iptables-save' to get the right output. If you understand what you're doing, you could change the filter table INPUT chain default policy to ACCEPT, then use -j LOG lines directly before -j DROPping traffic, and end the chain with a catch-all REJECT or DROP rule.
Thanks for your advice. I am new to iptables and am still trying to understand it better. I thought making the INPUT policy DROP and accepting USA would be easier than identifying all non-US country IPs and would take less storage to load. The reason I logged and dropped Amazon AWS was because the IPs were in the US. Our Linux system is in between the Internet and our mainframe. It was getting hammered and I had to come up with a solution, which is working but needs to be set up properly. I will check out the link you provided.
To be clear, order in iptables matters. So if you have "ACCEPT" rules before your "BLOCK" rules, then the "ACCEPT" rules will skip over them. You must order them in the way in which you wish them to be addressed. That means if you accept certain IP blocks but wish to drop IP ranges which fall inside the accepted blocks, then you must put the DROP rules for the blocked range before the encompassing ACCEPT range.
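The ordering the two replies describe, as an added example written for this page (not rules posted by anyone in the thread): loopback and state rules first, the narrower AWS DROP with its LOG line directly before it, then the encompassing US ACCEPT, and a catch-all LOG plus DROP at the end so dropped packets are actually logged. The address ranges are constructed placeholders from the documentation block and the SSH port is an assumption.

```shell
#!/bin/sh
# Added example for this thread, not rules posted by anyone in it.
# Emits an INPUT chain in iptables-save format (load with iptables-restore).
# A bare DROP policy logs nothing; the explicit LOG + DROP at the end does.
US_RANGE="203.0.113.0/24"      # placeholder: an accepted "US" block
AWS_RANGE="203.0.113.128/25"   # placeholder: "AWS" sub-range inside that block
SSH_PORT=22                    # assumption: the service being protected

ruleset() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and connection state first
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# narrower blocked range BEFORE the encompassing ACCEPT, LOG directly before DROP
-A INPUT -s $AWS_RANGE -m limit --limit 5/min -j LOG --log-prefix "AWS-DROP: " --log-level 4
-A INPUT -s $AWS_RANGE -j DROP
# encompassing allow for the accepted country block
-A INPUT -s $US_RANGE -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# catch-all: log (rate limited) then drop everything that reached the end
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: " --log-level 4
-A INPUT -j DROP
COMMIT
EOF
}

# First line number at which a rule containing the given fixed string appears;
# used to check that the narrower DROP really precedes the wider ACCEPT.
rule_line() {
    ruleset | grep -nF -- "$1" | head -n 1 | cut -d: -f1
}

# Review the output, then load it:  ruleset | iptables-restore
```

With the INPUT policy set to ACCEPT as the reply suggests, flushing the rules leaves the host open; keeping a DROP policy is equally valid here, since the trailing LOG rule still records everything that reaches it.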