LinuxQuestions.org
Old 10-07-2003, 12:44 PM   #1
TurtleBay
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Rep: Reputation: 0
iptables newbie question


How do I block an IP address from accessing my server at all in iptables?

Thanks!
 
Old 10-07-2003, 03:01 PM   #2
thesnaggle
Member
 
Registered: Sep 2003
Distribution: Fedora
Posts: 52

Rep: Reputation: 15
http://www.yo-linux.com/TUTORIALS/Li...rkGateway.html

This should fix you up. If you have any other questions, reply and I'll see if I can help.
 
Old 10-07-2003, 03:09 PM   #3
TurtleBay
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Very helpful tutorial - thank you so much. That one's much clearer and easier to understand than some others I've seen.

Thanks again.
 
Old 10-09-2003, 03:00 PM   #4
TurtleBay
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
How do I configure iptables to allow DNS server requests?

Not real sure what I need to enable.

My iptables are currently set to block all traffic except what I allow through...

John
 
Old 10-09-2003, 03:01 PM   #5
thesnaggle
Member
 
Registered: Sep 2003
Distribution: Fedora
Posts: 52

Rep: Reputation: 15
Open port 53.
 
Old 10-09-2003, 03:03 PM   #6
TurtleBay
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
You're fast!

I did that...opened port 53 both tcp and udp, and the server can request DNS from external servers and that works fine. But, the server is also a DNS server (named), and when iptables is running, outside connections don't receive DNS answers.

Would it help if I posted my iptables?

John
 
Old 10-09-2003, 03:05 PM   #7
thesnaggle
Member
 
Registered: Sep 2003
Distribution: Fedora
Posts: 52

Rep: Reputation: 15
Yeah, let me take a look.
I'm fast 'cause when I have a problem I want an answer now, not later LOL
 
Old 10-09-2003, 03:22 PM   #8
TurtleBay
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks so much...I'm still learning iptables, so any suggestions will be appreciated:

Quote:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

#this is in here to block an attempted spammer
-A RH-Lokkit-0-50-INPUT -s 194.xxx.xxx.xxx -j REJECT

-A RH-Lokkit-0-50-INPUT -p tcp -m state --state RELATED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 10000 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT

#Email ports
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT

#directadmin port
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2222 --syn -j ACCEPT

#dns ports
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -d 0/0 -j ACCEPT


-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

Thanks again!
John

Last edited by TurtleBay; 10-09-2003 at 03:29 PM.
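
Added example (not part of any post in this thread): a small first-match evaluator run over the DNS-related rules quoted in post #8. It shows that the posted UDP rule matches source port 53, so an inbound query to named falls through to the final UDP REJECT. The extra `--dport 53` rule, the outside interface name eth0 and the sample packets are assumptions.

```python
import shlex

# DNS-relevant rules copied from post #8, in their original order.
POSTED = """\
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""
# Assumed correction (not from the thread): also accept UDP addressed TO port 53.
FIXED = "-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT\n" + POSTED

def parse(line):
    """Turn one iptables-save rule into its match conditions plus a target."""
    tok, rule, i = shlex.split(line), {"syn": False}, 0
    while i < len(tok):
        opt = tok[i]
        if opt == "--syn":              # the only option here that takes no value
            rule["syn"] = True
            i += 1
            continue
        val = tok[i + 1]
        if opt == "-p":
            rule["proto"] = val
        elif opt == "-i":
            rule["iface"] = val
        elif opt == "-j":
            rule["target"] = val
        elif opt in ("--dport", "--sport"):
            rule[opt[2:]] = int(val)
        i += 2                          # -A, -m and -d 0/0 add no condition
    return rule

def verdict(ruleset, pkt):
    """First matching rule wins; falling off the end returns to INPUT (policy ACCEPT)."""
    for rule in map(parse, ruleset.splitlines()):
        fields = {k: v for k, v in rule.items() if k not in ("target", "syn")}
        if all(pkt.get(k) == v for k, v in fields.items()) and (pkt.get("syn") or not rule["syn"]):
            return rule["target"]
    return "ACCEPT"

# Constructed packets arriving on the outside interface (assumed to be eth0).
QUERY_IN = {"proto": "udp", "iface": "eth0", "sport": 40000, "dport": 53}   # client -> named
REPLY_IN = {"proto": "udp", "iface": "eth0", "sport": 53, "dport": 40000}   # answer to own lookup
TCP_SYN_IN = {"proto": "tcp", "iface": "eth0", "sport": 40000, "dport": 53, "syn": True}

if __name__ == "__main__":
    for name in ("QUERY_IN", "REPLY_IN", "TCP_SYN_IN"):
        print(name, verdict(POSTED, globals()[name]), verdict(FIXED, globals()[name]))
```

The `--sport 53` rule stays in the assumed correction because the ruleset has no state match for UDP, so it is what lets answers to the server's own lookups back in.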
 
Old 10-09-2003, 03:31 PM   #9
thesnaggle
Member
 
Registered: Sep 2003
Distribution: Fedora
Posts: 52

Rep: Reputation: 15
Have you tried nmaping the machine to see if 53 is open? From what I can see, it should work.
 
Old 10-09-2003, 03:35 PM   #10
TurtleBay
LQ Newbie
 
Registered: Oct 2003
Posts: 6

Original Poster
Rep: Reputation: 0
Sorry, but what's nmaping?
 
Old 10-09-2003, 03:37 PM   #11
thesnaggle
Member
 
Registered: Sep 2003
Distribution: Fedora
Posts: 52

Rep: Reputation: 15
http://www.insecure.org/
You can get a version for Windows there, and I'm guessing that you already have a copy on your Linux system.
 
  

