Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
02-21-2004, 09:41 PM
|
#1
|
Member
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477
Rep:
|
How do I deny host?
I want to deny one person from being able to use services one my machine, specifically a web server, based on their ip address. I tried adding them to the hosts.allow file, but that didn't yield any results. Is there any other way I can deny someone from using services on the machine?
Thanks for any help.
|
|
|
02-22-2004, 12:36 AM
|
#2
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
If you wanted to deny someone, you'd normally use hosts.deny. But not all services use tcpwrappers (hosts allow/deny) and specifically Apache does not. Probably the best way is to just use iptables:
As root do:
iptables -I INPUT -p tcp --dport 80 -s xxx.xxx.xxx.xxx -j DROP
You might have to adjust the destination port (--dport) if you're using a non-standard http port and substitute in the offending IP.
----EDIT---
If you want to keep them from accessing anything at all just do:
iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP
Last edited by Capt_Caveman; 02-22-2004 at 12:38 AM.
|
|
|
02-22-2004, 11:17 AM
|
#3
|
Member
Registered: Aug 2002
Location: Phoenix, AZ
Distribution: PCLinuxOS 2012.08
Posts: 430
Rep:
|
Can't help you, but I love your sig!
Siri Amrit
|
|
|
02-22-2004, 02:00 PM
|
#4
|
Member
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477
Original Poster
Rep:
|
Thanks for the iptables help. I was able to deny the person by using directory protection of the webserver's document root.
|
|
|
All times are GMT -5. The time now is 08:04 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|