LinuxQuestions.org
Old 03-04-2008, 08:21 AM   #1
rickh
Add temporary rule to Iptables


I don't have extreme needs for a Firewall. I have the hardware firewall on my router, backed up by Firestarter. My iptables rules are set up by Firestarter. This is an excerpt from "# iptables -L -n"
Code:
.
.
.
Chain INBOUND (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     all  --  192.168.123.0/24     0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:6696:6699 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:6696:6699 
LSI        all  --  0.0.0.0/0            0.0.0.0/0 
.
.
.
For the current session only, I wish to also block a specific IP address (1.1.1.1). I assume that I can do that using the iptables command to add the rule, but...
Code:
debian64:~# iptables -A INBOUND DROP       all  --  1.1.1.1/0             anywhere
Bad argument `DROP'
Try `iptables -h' or 'iptables --help' for more information.

debian64:~# iptables -h
iptables v1.4.0

Usage: iptables -[AD] chain rule-specification [options]
.
.
.
What am I doing wrong?
Old 03-04-2008, 08:25 AM   #2
acid_kewpie
Well, that's not an iptables command... that's you copying the verbose output and pasting it back in... big mistake!

iptables -A INPUT -s 1.1.1.1 -j DROP

also note that if that was a valid command, you would be blocking 1.1.1.1/0 which is identical to 0.0.0.0/0 i.e. *everything*!
Old 03-04-2008, 08:29 AM   #3
rickh
It's not really 1.1.1.1 I wish to block, I just put those numbers in as an example. Thanks for the advice, I'll try doing it correctly.

Edit: Amazing how easy it is if you know what you're doing. Thanks again.

Last edited by rickh; 03-04-2008 at 08:42 AM.
Old 03-04-2008, 10:10 AM   #4
acid_kewpie
Well yes of course, but I meant that any.ip.at.all/0 == 0.0.0.0/0 == everything
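As an added example (not code from the thread, from Firestarter or from the iptables project), here is a small POSIX shell script that prints the session-only block and unblock commands for a Firestarter chain such as the INBOUND chain above, and refuses the /0 mask discussed in this thread because it would match 0.0.0.0/0. The function names and the choice to insert at position 1 rather than append are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or Firestarter. Prints (never runs) the
# iptables commands for a temporary host block; review them, then run as root.
# Usage: sh block.sh INBOUND 1.1.1.1

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /1..32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case "$1" in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1   # /0 == everything, rejected
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac          # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs            # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print $1 normalised to a.b.c.d/n (a bare host address gets /32), or fail.
normalize_cidr() {
    valid_ipv4_cidr "$1" || return 1
    case "$1" in
        */*) printf '%s\n' "$1" ;;
        *)   printf '%s/32\n' "$1" ;;
    esac
}

# "-I CHAIN 1" inserts at the top, ahead of the chain's ACCEPT rules; "-A" would
# append after "state RELATED,ESTABLISHED", so an existing flow from the address
# would still be accepted. Rules added at runtime vanish when the firewall is
# reloaded or the host reboots, which is what makes the block temporary.
build_block_rule() {
    a=$(normalize_cidr "$2") || {
        echo "refusing '$2': need a.b.c.d or a.b.c.d/1-32 (never /0)" >&2
        return 1
    }
    printf 'iptables -I %s 1 -s %s -j DROP\n' "$1" "$a"
}

# The matching removal command for when the block is no longer wanted.
build_unblock_rule() {
    a=$(normalize_cidr "$2") || return 1
    printf 'iptables -D %s -s %s -j DROP\n' "$1" "$a"
}
```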