LinuxQuestions.org - Deny FTP by IP address with ipchains

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Deny FTP by IP address with ipchains (https://www.linuxquestions.org/questions/linux-security-4/deny-ftp-by-ip-address-with-ipchains-185969/)

loiter99

05-26-2004 04:53 AM

Deny FTP by IP address with ipchains

Hello,
I am just starting out and would like to know how I can use ipchains to deny FTP(SSH) & web access to all but a select few internal addresses.

Specifically, I am looking for examples, I have been unable to find specific examples in my search.

Thank you,
J

Technoslave

05-26-2004 09:19 AM

well, typically, with firewalls and the like, you deny access to everything, then only allow the addresses you want.

are you sure you're using ipchains and not iptables?

loiter99

05-26-2004 09:24 AM

iptables

Sorry it is iptables, I have been reading a ton on this stuff and it is all jumbled around, sorry :)

Can you provide an example of an iptable that denies telnet to everyone except a few local IPs?

Thanks
J

topche

05-27-2004 01:54 PM

iptables -N ftp_deny
iptables -A ftp_deny -J DROP
iptables -I INPUT -p tcp --dport 21 -j ftp_deny
well this is bloking port 21
now we accept:
iptables -I ftp_deny -s $some_ip -j RETURN

and that is all

All times are GMT -5. The time now is 11:34 AM.