LinuxQuestions.org

Linux - Networking forum thread: Troubles blocking single IPs using IPtables (https://www.linuxquestions.org/questions/linux-networking-3/troubles-blocking-single-ips-using-iptables-165911/)

dave_blob 04-03-2004 10:43 PM

Troubles blocking single IPs using IPtables
 
OK, I've tried a fair bit to get this to work, and I really don't understand why it doesn't.
I've got a Slackware 9.1 P120 box acting as a router/firewall, using iptables.

Basically I want to be able to block specific IP addresses. The rest of the firewall/routing functions seem to work fine, but I can't get it to block.
I have tried adding $IPTABLES -A INPUT -s IPAddress -j DROP in my firewall script, but it doesn't seem to do anything; I can still access that IP address.

The INPUT part of my iptables -L:
*(the line with the star is my attempt at blocking)


Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:mmcc
ACCEPT udp -- anywhere anywhere udp spt:5051
ACCEPT udp -- anywhere 255.255.255.255 udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:rfa
*DROP all -- HOSTED-BY.VIRTUALXS.COM anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- 10.0.0.0/8 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 192.168.0.0/16 anywhere
DROP all -- 169.254.0.0/16 anywhere
DROP all -- anywhere loopback/8
DROP igmp -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpt:http
DROP tcp -- anywhere anywhere tcp dpt:https
LOG all -- anywhere anywhere LOG level warning prefix `|iptables -- '


Anyone have any ideas?

ugge 04-04-2004 03:22 AM

First off: when trying to connect to this site, do you connect from your Slackware box or from a client behind your firewall?

dave_blob 04-04-2004 04:50 AM

The client behind the router.

ugge 04-04-2004 05:22 AM

Then you will have to set the blocking rule in the FORWARD chain.
Packets forwarded never pass the INPUT or OUTPUT chains.
For a more detailed view have a look at http://iptables-tutorial.frozentux.n...-tutorial.html

dave_blob 04-04-2004 05:55 AM

OK, I have now tried putting it in the forward table also, with no luck.
The first line in my FORWARD section is
$IPTABLES -A FORWARD -s (ip to block) -j DROP

giving a FORWARD table of:

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere HOSTED-BY.VIRTUALXS.COM
ACCEPT all -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.0.199 tcp dpt:4662
ACCEPT all -- anywhere anywhere



I checked out that link too; it didn't seem to say anything about IP blocking.

dave_blob 04-04-2004 06:07 AM

Oops!
It was actually working; it's just that the site had some alternate IPs that it used instead. So I tested it on a different site, and it works a charm.
Thanks heaps, I've been tearing my hair out over this for ages.
Such a simple answer too.
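
Added example, not part of the thread and not dave_blob's firewall script: a small POSIX shell script that puts the DROP for one address where ugge says it belongs (FORWARD for clients behind the router, INPUT/OUTPUT for the router itself), inserts it at the top of each chain so no earlier ACCEPT can pre-empt it, resolves every IPv4 address a hostname currently has (the "alternate IPs" that caught dave_blob out), and lists counters so you can see the rule being hit. Assumptions are mine: it runs as root on the router with iptables in $PATH, glibc's getent is available for name resolution, and DRYRUN=1 prints the commands instead of running them. 203.0.113.5 in the usage note is a documentation address chosen for illustration.

```shell
#!/bin/sh
# Added example for this thread (not the poster's script): drop all traffic
# to and from one address on an iptables router, in the chains that matter,
# and show how to check that the rule is actually being hit.
#
# Assumptions (mine): runs as root on the router with iptables in $PATH;
# DRYRUN=1 prints the commands instead of executing them, so the logic can
# be read and tested without root or a live firewall.

IPTABLES="${IPTABLES:-iptables}"
DRYRUN="${DRYRUN:-0}"

# run_or_print: execute a command, or print it when DRYRUN=1.
run_or_print() {
    if [ "$DRYRUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# block_ip ADDR: insert DROP rules for ADDR at position 1 of each chain.
#   FORWARD handles packets routed on behalf of clients behind the box; they
#   never traverse INPUT or OUTPUT, which is ugge's point in the thread.
#   INPUT/OUTPUT handle traffic to and from the router itself.
#   "-I CHAIN 1" (insert at the top) rather than "-A" (append) guarantees the
#   DROP is evaluated before any "ACCEPT all" or RELATED,ESTABLISHED rule
#   already in the chain; -A only works when the script appends it first.
block_ip() {
    addr="$1"
    run_or_print "$IPTABLES" -I INPUT   1 -s "$addr" -j DROP  # from ADDR to the router
    run_or_print "$IPTABLES" -I OUTPUT  1 -d "$addr" -j DROP  # from the router to ADDR
    run_or_print "$IPTABLES" -I FORWARD 1 -s "$addr" -j DROP  # replies from ADDR to clients
    run_or_print "$IPTABLES" -I FORWARD 1 -d "$addr" -j DROP  # client requests to ADDR
}

# resolve_ipv4 NAME: print every IPv4 address NAME currently resolves to,
# one per line. A site served from several addresses (the thread's last
# twist) needs every one blocked. Assumes glibc's getent; the result is a
# snapshot, so re-run it if the site's addresses change.
resolve_ipv4() {
    getent ahosts "$1" | awk '{ print $1 }' \
        | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | sort -u
}

# block_host NAME: block every IPv4 address NAME resolves to right now.
block_host() {
    for ip in $(resolve_ipv4 "$1"); do
        block_ip "$ip"
    done
}

# verify_block: list each chain with packet counters and line numbers,
# numerically (-n), so the DROP rule's pkts column can be watched while a
# client retries the address. Without -n, iptables reverse-resolves
# addresses, which is why the thread's listing shows a hostname.
verify_block() {
    for chain in INPUT OUTPUT FORWARD; do
        run_or_print "$IPTABLES" -L "$chain" -v -n --line-numbers
    done
}

# Usage:  DRYRUN=1 sh block_ip.sh 203.0.113.5    (print the rules)
#         sh block_ip.sh 203.0.113.5             (apply them, as root)
#         sh block_ip.sh some.host.example       (block every A record)
if [ $# -gt 0 ]; then
    case "$1" in
        *[!0-9.]*) block_host "$1" ;;   # looks like a hostname
        *)         block_ip "$1" ;;     # looks like a dotted IPv4 address
    esac
    verify_block
fi
```

The reason the -I position matters is visible in the thread's own INPUT listing: three unconditional "ACCEPT all" rules sit after the starred DROP, so an appended DROP further down would never be reached by traffic those rules already accepted. Blocking both -s and -d in FORWARD also stops an already-established session from riding through a later RELATED,ESTABLISHED ACCEPT.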


