LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Add temporary rule to Iptables (http://www.linuxquestions.org/questions/linux-security-4/add-temporary-rule-to-iptables-625619/)

rickh 03-04-2008 08:21 AM

Add temporary rule to Iptables
 
I don't have extreme needs for a firewall. I have the hardware firewall on my router, backed up by Firestarter. My iptables rules are set up by Firestarter. This is an excerpt from "# iptables -L -n":
Code:

.
.
.
Chain INBOUND (1 references)
target    prot opt source              destination       
ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
ACCEPT    udp  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
ACCEPT    all  --  192.168.123.0/24    0.0.0.0/0         
ACCEPT    tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpts:6696:6699
ACCEPT    udp  --  0.0.0.0/0            0.0.0.0/0          udp dpts:6696:6699
LSI        all  --  0.0.0.0/0            0.0.0.0/0
.
.
.

For the current session only, I wish to also block a specific IP address (1.1.1.1). I assume that I can do that using the iptables command to add the rule, but...
Code:

debian64:~# iptables -A INBOUND DROP      all  --  1.1.1.1/0            anywhere
Bad argument `DROP'
Try `iptables -h' or 'iptables --help' for more information.

debian64:~# iptables -h
iptables v1.4.0

Usage: iptables -[AD] chain rule-specification [options]
.
.
.

What am I doing wrong?

acid_kewpie 03-04-2008 08:25 AM

well that's not an iptables command... you're copying the verbose output and pasting it back in... big mistake!

iptables -A INPUT -s 1.1.1.1 -j DROP

also note that if that was a valid command, you would be blocking 1.1.1.1/0 which is identical to 0.0.0.0/0 i.e. *everything*!
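
Added example for this thread (not code posted by rickh or acid_kewpie): a small POSIX sh helper that blocks one source address for the current session and undoes it again, avoiding the two things the thread trips over. First, `-A` appends at the end of the chain, and iptables matches top to bottom with the first terminating match winning, so in a chain whose first rules ACCEPT RELATED,ESTABLISHED traffic (as the INBOUND listing above does) an appended DROP only ever sees packets nothing above it accepted; `-I CHAIN 1` inserts at the top instead. Second, `1.1.1.1/0` is a /0 mask and matches every address, exactly like `0.0.0.0/0`, while a bare `-s 1.1.1.1` means /32; the validator refuses /0 outright. The `IPT` and `CHAIN` variables are assumptions, not from the thread: `IPT=echo` dry-runs the commands without root, and `CHAIN` can be the built-in INPUT used in the reply or Firestarter's INBOUND from the listing.

```sh
#!/bin/sh
# Added example (not from the thread): temporarily DROP one source address.
# Nothing is saved to disk, so the rule is gone after the next reboot or the
# next time Firestarter rewrites the ruleset, which is what "temporary" wants.
#
# Assumptions (not from the thread): IPT is the iptables binary ("sudo iptables"
# also works; IPT=echo dry-runs without root), CHAIN is the chain to edit.
IPT=${IPT:-iptables}
CHAIN=${CHAIN:-INPUT}

# valid_host ADDR[/MASK]: true for a dotted quad with an optional mask 1..32.
# Rejects malformed input and, deliberately, the /0 mask that means "everything".
valid_host() {
    case "$1" in
        */*) addr=${1%/*}; mask=${1##*/} ;;
        *)   addr=$1;      mask=32 ;;
    esac
    case "$mask" in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -ge 1 ] && [ "$mask" -le 32 ] || return 1
    # only digits and dots; no leading, trailing or doubled dots
    case "$addr" in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
    n=0
    rest=$addr
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# block_host ADDR[/MASK]: insert a DROP at position 1 of $CHAIN, ahead of
# every ACCEPT already there. -A would append it at the end instead.
block_host() {
    valid_host "$1" || {
        echo "refusing to block '$1': not a host address, or /0 (= everything)" >&2
        return 1
    }
    $IPT -I "$CHAIN" 1 -s "$1" -j DROP
}

# unblock_host ADDR[/MASK]: -D with the identical spec removes the rule -I
# added; iptables deletes the first matching rule and fails if there is none.
unblock_host() {
    valid_host "$1" || return 1
    $IPT -D "$CHAIN" -s "$1" -j DROP
}

# show_chain: list $CHAIN with rule numbers, so the DROP is visible at
# position 1 and could also be removed with "-D $CHAIN <number>".
show_chain() {
    $IPT -L "$CHAIN" -n -v --line-numbers
}

# Command-line use, e.g.:  IPT=echo CHAIN=INBOUND sh tmpblock.sh block 1.1.1.1
case "${1:-}" in
    block)   block_host "${2:-}" ;;
    unblock) unblock_host "${2:-}" ;;
    show)    show_chain ;;
esac
```

Run it once with `IPT=echo` to see the exact `-I`/`-D` lines before running it as root. Deleting by spec only works if the spec is repeated exactly as it was inserted, which is why both functions share the same `-s ADDR -j DROP` form; if in doubt, take the rule number from `show` and delete by number instead.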

rickh 03-04-2008 08:29 AM

It's not really 1.1.1.1 I wish to block, I just put those numbers in as an example. Thanks for the advice, I'll try doing it correctly.

Edit: Amazing how easy it is if you know what you're doing. Thanks again.

acid_kewpie 03-04-2008 10:10 AM

Well yes of course, but I meant that any.ip.at.all/0 == 0.0.0.0/0 == everything
