I think what I need is some ipchains/firewall help. I'm a fairly experienced Linux user, but haven't done much with ipchains at all. I'm using RedHat 7.0.
Latley, I've been experiencing a strange problem in which my apache server is unreachable for 2-4 minutes, and then is fine again. This happens a few times per day. During the times it is going on, nmap shows the port as "filtered."
I finally caught it "in the act" today, and did a netstat, and found about a million connections on my port 80 from www.above.net.
The screen just kept on scrolling with them. Now sure what they're doing or why, but I just want to block that domain from hitting my port 80.
In RedHat 7.0, what's the best way to do this? I assume I'll need an ipchains rule. I'm not sure what that rule would be, though. Also, I'm not sure where to put it so that it always runs at boot time (/etc/sysconfig/ipchains?).
Thanks in advance for any help you can offer.