LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-16-2002, 05:55 PM   #1
jcroft
LQ Newbie
 
Registered: Feb 2002
Distribution: RedHat 7
Posts: 1

Rep: Reputation: 0
Port 80 -- How to block from one specific domain? (RedHat 7.0)


Hello all...

I think what I need is some ipchains/firewall help. I'm a fairly experienced Linux user, but haven't done much with ipchains at all. I'm using RedHat 7.0.

Latley, I've been experiencing a strange problem in which my apache server is unreachable for 2-4 minutes, and then is fine again. This happens a few times per day. During the times it is going on, nmap shows the port as "filtered."

I finally caught it "in the act" today, and did a netstat, and found about a million connections on my port 80 from www.above.net. The screen just kept on scrolling with them. Now sure what they're doing or why, but I just want to block that domain from hitting my port 80.

In RedHat 7.0, what's the best way to do this? I assume I'll need an ipchains rule. I'm not sure what that rule would be, though. Also, I'm not sure where to put it so that it always runs at boot time (/etc/sysconfig/ipchains?).

Thanks in advance for any help you can offer.

Jeff C.
 
Old 02-17-2002, 03:50 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,140
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
(host www.above.net: www.above.net. has address 207.126.96.163)
To block this domain, use rule:
/sbin/ipchains -A input -p tcp -i eth0 -s 207.126.96.163 --destination-port 80 -j DENY

If RH 7.0 ipchains works like RH 7.1 iptables saves it's scripts it'll be saved at reboot time (IIRC), else you can use the ipchains-save script, else you can add the line to rc.local. Rc.local is a bad thing cuz if you manually reload rules it won't be taken into account. Rusty's old ipchains rpm package (again, IIRC) puts the firewall script in /etc/rc.d as rc.firewall, instead of using /etc/sysconfig.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
block specific users in squid alan.belizario Linux - Security 4 09-09-2005 11:43 PM
allow specific ip to browse the block site space_beyond Linux - Newbie 1 06-03-2005 09:15 AM
How to block specific IPs? cranium2004 Linux - Networking 3 04-01-2005 09:02 AM
How to hide and block a directory for a specific user hoolie_v Linux - Newbie 2 08-08-2004 07:14 AM
block specific ip addresses paperdiesel Linux - Security 3 07-21-2004 11:47 AM


All times are GMT -5. The time now is 05:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration