How to whitelist an IP in iptables while it is already blocked there?
Hello,
Some application is repeatedly blocking my IP in iptables (I don't know what her motive is or which one it is).
It always adds it at the start of the INPUT chain. Here is the whole INPUT chain:
Quote:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP all -- my-ip-here.myprovider.tld anywhere
2 ACCEPT all -- my-ip-here.myprovider.tld anywhere
3 ACCEPT all -- anywhere anywhere
4 DROP all -- some-other-ip-i-want-to-block anywhere
At this state I'm blocked. So, considering the IP is added at the beginning of the chain, which exact command can I use to add a rule that will always override that first DROP rule for my IP? Thank you in advance.
First, you don't tell us what the "some application" is, and mention "her motive"...but don't say who the "her" is, or tell us what environment this is in.
If this is at your place of work, and you are NOT the administrator/network administrator, then you don't need to be doing ANYTHING with the firewall rules on that box. Secondly, as you've been told many times before, did you try to actually READ and LEARN anything on your own? Perhaps reading the man page on the iptables command, or any of the VERY abundant documentation??? Asking us to spoon-feed you an 'exact command' is fairly rude...essentially, you're saying that your time is worth more than ours.
If you tried reading the man pages on iptables, you'd see that (amazingly), the -A means ACCEPT and the -D means DELETE..and there's ALSO a -L for LINE number, letting you delete one specific rule. Add them up, and you get something like:
Code:
iptables -A INPUT -i interface -p tcp --dport destination-port -j ACCEPT
...becomes...
iptables -D INPUT -i interface -p tcp --dport destination-port -j ACCEPT
...OR...
iptables -L INPUT --line-numbers
..which will output the INPUT rules with line numbers. Based on that, if you would like to delete second rule:
iptables -D INPUT 2
Since we've now saved you the trouble of looking up the flags, you can actually TRY some of this on your own, and figure out the "exact command".
Also, on the general subject of "whitelisting" ... do not use "whitelisting!"
You should be using OpenVPN ... with unique digital certificates (not "PSK = pre-shared keys = passwords"). And with tls_auth so that the server won't even "pick up the telephone" unless you have pre-identified yourself properly.
The Internet is not "a safe place." You should not be accepting regular, in-bound communications from sources that you cannot verify and whose traffic is not securely encrypted. OpenVPN not only accomplishes all of these things (in a nice, "cross-platform" way), but it is virtually invisible when in use. Once a secure "tunnel" (equals "router") or "bridge" (equals "switch") is established, clients simply talk to one another, "as though it were just an ordinary address" ... but the connection is secure.
Therefore, instead of using "white lists," establish tunnels.
iptables rules are evaluated in sequence, and once a match happens in a rule with a terminating target (DROP, REJECT, ACCEPT, DNAT, etc.) no further rules are examined in that step. If that DROP rule is at the beginning of the INPUT chain, there is nothing you can do later that will affect it.
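As an added illustration of two points made in this thread (the delete-by-line-number commands in the first reply and the first-match evaluation order described here), not code posted by anyone in the thread: a POSIX shell snippet that parses a constructed `iptables -L INPUT --line-numbers` listing shaped like the OP's, reports which target a given source address would hit, and prints the `iptables -D INPUT N` commands for that address's DROP rules in descending order so earlier deletions do not renumber the rest. The addresses are documentation-range placeholders and the listing is embedded rather than read from a live iptables, so it runs without root.

```shell
# Constructed sample listing, same shape as the OP's chain (placeholder addresses).
CHAIN_LISTING='Chain INPUT (policy ACCEPT)
num  target  prot opt source          destination
1    DROP    all  --  203.0.113.10    anywhere
2    ACCEPT  all  --  203.0.113.10    anywhere
3    ACCEPT  all  --  anywhere        anywhere
4    DROP    all  --  198.51.100.7    anywhere'

# First-match semantics: print the target of the first rule whose source column
# equals the address or is the wildcard "anywhere"; fall back to the chain policy.
first_match() {
    printf '%s\n' "$CHAIN_LISTING" | awk -v a="$1" '
        /^Chain/ { policy = $4; gsub(/\)/, "", policy); next }
        /^num/   { next }
        ($5 == a || $5 == "anywhere") { print $2; found = 1; exit }
        END { if (!found) print policy }'
}

# Rule numbers of DROP rules whose source is exactly the address, highest first,
# because deleting rule N shifts every rule after it up by one.
drop_rule_numbers() {
    printf '%s\n' "$CHAIN_LISTING" | awk -v a="$1" '$2 == "DROP" && $5 == a { print $1 }' | sort -rn
}

# Emit (do not run) the delete commands for the address's DROP rules.
delete_commands() {
    for n in $(drop_rule_numbers "$1"); do
        echo "iptables -D INPUT $n"
    done
}
```

Note that 198.51.100.7 is reported as ACCEPT: rule 3 matches "anywhere" before rule 4 is ever reached, which is the same ordering effect that makes the OP's rule 2 useless behind rule 1.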
@TB0ne: ignored your post.
@sundialsvcs, thx for the certainly great general advice, but I wanted a solution for my question in this case.
solution not yet found.
As you've been told MANY TIMES, STOP USING TEXT-SPEAK...read the LQ Rules. And just posting "solution not yet found" is not telling us what (if ANYTHING) you've done/tried. If you're just sitting there, waiting for someone to spoon-feed you an answer, good luck.
Also, you're VERY welcome for me handing you the answer, if you had bothered to put ANY effort into it. Again, you didn't read the man pages, didn't try to look anything up, and even when given a solution that requires you to do even a LITTLE work/learning of your own, you don't. You still don't tell us anything about the 'some application', who the "her" is, what kind of environment, or provide ANY details.
Again, you seem to be wanting to be spoon-fed an answer, with comments like "with exact command". Sorry, but if you're not going to provide details, answer questions, or show ANY effort of your own, why should anyone here respond to you???? This is much like many of your other posts....read the "Question Guidelines".
If that DROP rule is at the beginning of the INPUT chain, there is nothing you can do later that will affect it.
Thx, this was helpful. So in my case (when an IP DROP rule is added at the beginning of the chain) I need to execute some iptables command to remove an IP (even if I do not know on which line it is). That's the only solution except discovering which app is placing the rule? I assume I can discover such an app by searching for my IP through the filesystem and then through the MySQL databases.
...and again, STOP USING TEXT SPEAK...read the LQ RULES.
Quote:
So in my case (when an IP DROP rule is added at the beginning of the chain) I need to execute some iptables command to remove an IP (even if I do not know on which line it is). That's the only solution except discovering which app is placing the rule? I assume I can discover such an app by searching for my IP through the filesystem and then through the MySQL databases.
...or you could try actually paying attention.
The VERY FIRST REPLY, I handed you the commands to figure out which lines rules were on, and handed you the command to delete them. From the snotty PM's you sent me, you say you 'learn by internet'...at what point are you going to start? You were given commands, examples, pointed to the man pages, and even told WHICH flags to look at. How much more do you require before you can do something on your own???
AGAIN, as you were asked in post #2:
Which "some application" are you talking about?
You mention "her"...is that the network administrator???
If you're not the administrator, you SHOULD NOT be circumventing network security rules. Are you?
Again, if you're not going to answer questions, there isn't much point in posting. If you expect to be spoon-fed an 'exact command' to do EXACTLY what you want, with zero effort on your part, there is also not much point in asking questions...you should hire someone to do things for you.
...and a nice follow-up to the OP's question. From private-messages:
Quote:
Originally Posted by postcd
Please do not waste my time opening the thread because of your reply: (link to this thread). Your replies do not help me and I'm not reading them.
...and my personal favorite from the OP:
Quote:
Originally Posted by postcd
I'm not looking to waste hours of time reading some technical data to get an answer to my question.
..with a good runner-up:
Quote:
Originally Posted by postcd
If you see I'm looking for a solution, please do not fill my thread repeatedly with something I'm not interested in. It is just wasting my precious time, and we have already been reading from you that you want me/us to read the readme, so I assume it is a waste of time also for other future readers.
So, even after being handed answers and advice, THIS is how the OP behaves. Apparently, the OP's time is 'precious', but OUR time isn't, and we should look up the EXACT command for them, to save them the task of reading/learning something.