LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-09-2005, 01:19 PM   #1
basketkase999
Member
 
Registered: Dec 2004
Location: ca
Posts: 61

Rep: Reputation: 15
iptables command/iptables GUI?


Hey All,

I have two questions. First, if i wanted to block an ip or ip range what is the command to do so? Secondly, is there a GUI which manages iptables?

Cheers,
Cesar
 
Old 04-09-2005, 01:37 PM   #2
zeos
Member
 
Registered: Aug 2003
Posts: 150

Rep: Reputation: 15
iptables -A INPUT -i eth0 -s ip.to.be.blocked -m state --state NEW -j DROP

for instance:

iptables -A INPUT -i eth0 -s 61.31.1.100 -m state --state NEW -j DROP

would drop inbound packets to eth0 from that ip ...

iptables -A INPUT -i eth0 -s 61.31.0.0/24 -d any/0 -m state --state NEW -j DROP

would drop packets from 61.31.0.0 - 61.43.255.255

alot of folks use "firestarter" as a gui to iptables, can't say that I have, but it seems fairly popular.
 
Old 04-10-2005, 08:54 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by zeos
iptables -A INPUT -i eth0 -s 61.31.0.0/24 -d any/0 -m state --state NEW -j DROP

would drop packets from 61.31.0.0 - 61.43.255.255
actually, that example would only drop packets from 61.31.0.0 - 61.31.0.255...

BTW, IMHO it's simpler and more effective to block the IP or subnet without specifying the packet's state... like, for one IP:
Code:
iptables -A INPUT -s 61.31.0.112 -j DROP
or for the whole subnet:
Code:
iptables -A INPUT -s 61.31.0.0/24 -j DROP
just my two cents...


Last edited by win32sux; 04-10-2005 at 09:15 AM.
 
Old 04-11-2005, 12:49 AM   #4
basketkase999
Member
 
Registered: Dec 2004
Location: ca
Posts: 61

Original Poster
Rep: Reputation: 15
Thanks a lot guys! I appreciate it
 
Old 04-12-2005, 11:47 AM   #5
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
maybe give "guarddog" a try as well for GUI
 
Old 04-12-2005, 02:43 PM   #6
Imanerd
Member
 
Registered: Dec 2004
Location: Bay Area, California
Distribution: Fedora Core 3
Posts: 65

Rep: Reputation: 15
I use Gnome and I just go to System settings>Security and configure it from there.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
An error occured getting IPtables status from the command /etc/rc.d/init.d/iptables s CrazyMAzeY Linux - Newbie 10 08-12-2010 05:25 AM
What's the best GUI for IPTables ? rizhun Linux - Networking 4 08-27-2005 12:07 PM
Building a GUI for iptables chingyenccy Linux - Newbie 1 01-19-2005 07:49 AM
DISCUSSION: Helpful Hints and an iptables GUI jeremy LinuxAnswers Discussion 2 08-01-2004 04:25 PM
Iptables GUI tuxq Linux - Security 7 07-18-2004 08:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration