LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 04-03-2004, 11:43 PM   #1
dave_blob
Troubles blocking single IPs using IPtables


OK, I've tried a fair bit to get this to work, and I really don't understand why it doesn't.
I've got a Slackware 9.1 P120 box acting as a router/firewall, using iptables.

Basically I want to be able to block specific IP addresses. The rest of the firewall/routing functions seem to work fine, but I can't get it to block.
I have tried adding $IPTABLES -A INPUT -s IPAddress -j DROP in my firewall script, but it doesn't seem to do anything; I can still access that IP address.

The INPUT part of my iptables -L
*(the line with the star is my attempt at blocking)


Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:mmcc
ACCEPT udp -- anywhere anywhere udp spt:5051
ACCEPT udp -- anywhere 255.255.255.255 udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:rfa
*DROP all -- HOSTED-BY.VIRTUALXS.COM anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- 10.0.0.0/8 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 192.168.0.0/16 anywhere
DROP all -- 169.254.0.0/16 anywhere
DROP all -- anywhere loopback/8
DROP igmp -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpt:http
DROP tcp -- anywhere anywhere tcp dpt:https
LOG all -- anywhere anywhere LOG level warning prefix `|iptables -- '


Anyone have any ideas?
 
Old 04-04-2004, 04:22 AM   #2
ugge
First off: when trying to connect to this site, do you connect from your Slackware box or from a client behind your firewall?
 
Old 04-04-2004, 05:50 AM   #3
dave_blob
The client behind the router.
 
Old 04-04-2004, 06:22 AM   #4
ugge
Then you will have to set the blocking rule in the FORWARD chain.
Packets forwarded never pass the INPUT or OUTPUT chains.
For a more detailed view have a look at http://iptables-tutorial.frozentux.n...-tutorial.html
 
Old 04-04-2004, 06:55 AM   #5
dave_blob
OK, I have now tried putting it in the FORWARD table also, with no luck.
The first line in my FORWARD section is
$IPTABLES -A FORWARD -s (ip to block) -j DROP

giving a forward table of:

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere HOSTED-BY.VIRTUALXS.COM
ACCEPT all -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.0.199 tcp dpt:4662
ACCEPT all -- anywhere anywhere



I checked out that link too; it didn't seem to say anything about IP blocking.

Last edited by dave_blob; 04-04-2004 at 07:07 AM.
 
Old 04-04-2004, 07:07 AM   #6
dave_blob
Oops!
It was actually working; it's just that site had some alternate IPs that it used instead. So I tested it on a different site, and it works a charm.
Thanks heaps, I've been tearing my hair out over this for ages.
Such a simple answer too.


Last edited by dave_blob; 04-04-2004 at 07:08 AM.
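As an added illustration of the two points in this thread (post #4: forwarded packets never see INPUT, so the block belongs in FORWARD; post #6: a block by address misses a site that also answers from an alternate IP), here is a small Python model of how netfilter chooses between the INPUT and FORWARD chains and applies first-match rules. It is not code from the thread; the addresses are constructed from documentation ranges, and the box's own IPs and the rule lists are assumptions that mirror the listings above.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

CLIENT = "192.168.0.199"    # constructed LAN client (same range as the thread)
SITE = "198.51.100.10"      # constructed address of the site being blocked
ALT_SITE = "198.51.100.11"  # constructed "alternate IP" the same site also uses


@dataclass
class Rule:
    target: str                # ACCEPT or DROP
    src: Optional[str] = None  # None means "anywhere"
    dst: Optional[str] = None


@dataclass
class Router:
    local_ips: Set[str]        # addresses owned by the firewall box itself
    chains: Dict[str, List[Rule]] = field(
        default_factory=lambda: {"INPUT": [], "FORWARD": []})
    policies: Dict[str, str] = field(
        default_factory=lambda: {"INPUT": "DROP", "FORWARD": "DROP"})

    def chain_for(self, dst: str) -> str:
        # Routing decision after PREROUTING: a packet addressed to the box
        # itself enters INPUT; a packet the box routes for someone else
        # traverses FORWARD only and never touches INPUT or OUTPUT.
        return "INPUT" if dst in self.local_ips else "FORWARD"

    def verdict(self, src: str, dst: str) -> Tuple[str, str]:
        chain = self.chain_for(dst)
        for rule in self.chains[chain]:       # first matching rule wins
            if rule.src in (None, src) and rule.dst in (None, dst):
                return chain, rule.target
        return chain, self.policies[chain]    # no match: chain policy applies


def build_router(block_in_forward: bool) -> Router:
    """Constructed scenario: the box is 192.168.0.1 on the LAN side and
    203.0.113.1 on the outside; the client behind it talks to SITE."""
    r = Router(local_ips={"192.168.0.1", "203.0.113.1"})
    # The original attempt: DROP in INPUT, then the usual catch-all ACCEPT.
    r.chains["INPUT"] = [Rule("DROP", src=SITE), Rule("ACCEPT")]
    # The fix from post #4: the block placed first in FORWARD, both directions.
    blocks = [Rule("DROP", dst=SITE), Rule("DROP", src=SITE)] if block_in_forward else []
    r.chains["FORWARD"] = blocks + [Rule("ACCEPT")]
    return r
```

Run `build_router(False).verdict(CLIENT, SITE)` to see the forwarded packet sail past the INPUT rule, and `build_router(True).verdict(CLIENT, ALT_SITE)` to see why the first test in post #6 looked like a failure.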