LinuxQuestions.org
Old 08-03-2010, 02:03 AM   #1
vijith.pa@gmail.com
LQ Newbie
 
Registered: Feb 2009
Posts: 26

Rep: Reputation: 0
Block some IP addresses in iptables (Ubuntu)


Hi guys,

Currently I have 2 LAN cards in my system: one for communicating with the client PCs (LAN card IP 192.168.1.100) and the other for the Internet (LAN card IP 192.168.0.100). All client PCs are in the 192.168.1.0 subnet.

Here I have set up my system as a router through iptables; all clients communicate only through 192.168.1.100 (the clients' default gateway is also 192.168.1.100). Now there is no problem with the forward rules: when my system is active, all clients get Internet.


Output of iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Now I want to block some IP addresses and ports. I tried a lot of things from the Internet.
When I type iptables -A INPUT -s 192.168.1.150 -j REJECT (I found on the Internet that it will block that IP address from getting Internet and any access through my system)


Now the output


Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT all -- 192.168.1.112 anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


It will block the ICMP protocol only.


I want to know how to block IP addresses and ports...
 
Old 08-03-2010, 02:13 AM   #2
zirias
Member
 
Registered: Jun 2010
Posts: 361

Rep: Reputation: 59
Quote:
Originally Posted by vijith.pa@gmail.com
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT all -- 192.168.1.112 anywhere reject-with icmp-port-unreachable

[...]

it will block icmp protocol only
No, this line means ALL packages coming from this address are rejected. 'icmp-port-unreachable' is the method used for rejection. It is the default behavior for hosts without a firewall when there is just nothing listening on that port, so iptables emulates this behavior. That's a good idea because it hides the fact you are using a firewall. The alternative would be DROP instead of REJECT; DROP will just never reply. If any other ports on your box DO reply, an attacker will know you are using some firewall.

BTW, DROP makes a good policy (better than ACCEPT), so you can write rules to only allow what you want to allow. This is much more secure.
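
An added example, not part of either post: because the box in this thread routes the clients' traffic, packets from a client to the Internet traverse the FORWARD chain rather than INPUT, and rules are checked top-down with the first match winning. The script below prints a default-DROP filter ruleset in iptables-restore format that blocks listed client IPs and TCP ports; the interface names eth0/eth1, the /24 mask and port 25 are assumptions.

```shell
#!/bin/sh
# Added example: prints a filter-table ruleset in iptables-restore format.
# Assumed names: eth1 = LAN card (192.168.1.100), eth0 = Internet card.
LAN_IF="eth1"
WAN_IF="eth0"
LAN_NET="192.168.1.0/24"

# valid_ip / valid_port keep anything but plain values out of the ruleset.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset "<client IPs to block>" "<TCP destination ports to block>"
build_ruleset() {
    for ip in $1; do valid_ip "$ip" || { echo "bad IP: $ip" >&2; return 1; }; done
    for port in $2; do valid_port "$port" || { echo "bad port: $port" >&2; return 1; }; done
    echo "*filter"
    # Default-deny for traffic to and through the router.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Blocks go first: rules are checked top-down and the first match wins.
    for ip in $1; do
        echo "-A INPUT -s $ip -j REJECT"     # access to the router itself
        echo "-A FORWARD -s $ip -j REJECT"   # traffic routed to the Internet
    done
    for port in $2; do
        echo "-A FORWARD -i $LAN_IF -p tcp --dport $port -j REJECT --reject-with tcp-reset"
    done
    # Then allow only what is wanted.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "COMMIT"
}

# 192.168.1.150 is from the thread; port 25 is a constructed sample.
build_ruleset "192.168.1.150" "25"
```

Only the filter table is emitted, so NAT rules are out of scope here. As root, the output can be piped to `iptables-restore --test` to check that it parses before it is loaded.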
 
  


All times are GMT -5. The time now is 08:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration