Putting a drop on the INPUT chain would stop them from accessing your PC from that IP address. If you want to block yourself from an IP, shouldn't it go on the OUTPUT chain?
The same thing is happening with me also, even though I have downloaded the latest version of iptables from www.netfilter.org and installed it. I don't know what the problem is, but I am not able to block INPUT traffic from a particular IP address as per picox, and yes, as far as I know this command should stop all traffic coming from a particular IP address.
I have just modified it, and it is:
iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx -j DROP
It must work with at least one input source, that is eth0, but it is not working; why, I don't know.
Nirav
You have to load your rule-set before using iptables-save. You may need to activate iptables:
$ service iptables start
Initially, there are no rules. One option is to edit /etc/rc.d/init.d/iptables.
See "Iptables Tutorial 1.1.19" by Oskar Andreasson at frozentux.net for other options and more details.
---
Nirav,
try,
iptables -A INPUT -i eth0 -s -j DROP
or
iptables -A INPUT -i eth0 -s 0/0 -j DROP
Yes, that is what I tried previously. The problem with the command
iptables -A INPUT -i eth0 -s -j DROP
is that it will show an error, or something like a prompt to get help with iptables -h, because we haven't provided the IP address or anything with the -s option.
The command
iptables -A INPUT -i eth0 -s 0/0 -j DROP
will block all the websites, as far as I know, but I want to stop only one IP address, or say traffic from any one IP address to my computer.
Anyway, I don't know whether any settings have been changed or what, but I am still not able to stop traffic from any one IP address, and a command like
iptables -A INPUT -i eth0 -s XXX.XXX.XXX.XXX -j DROP
still works fine, with no effect on traffic from that site.
Hi all,
In my problem I got success after flushing all the chains and changing the default policies of the chains.
I have gone through this link and utilised it to do my job: http://iptables-tutorial.frozentux.n...h-iptables.txt
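
An added example, not part of the original thread: iptables evaluates a chain from top to bottom and -A appends to the end, so a DROP appended after a broader ACCEPT rule never sees the packet, and flushing the chain, as the last post did, removes such earlier rules. The script below scans a rule listing for ACCEPT rules that precede the DROP for one source; the sample listings, the address 192.0.2.10 and the function name shadowing_rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample listings in the "-A ..." format printed by `iptables -S INPUT`.
# 192.0.2.10 is a documentation address standing in for the IP to be blocked.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -i eth0 -j DROP'

# The same rules with the DROP at the top of the chain, which is what
# `iptables -I INPUT 1 -i eth0 -s 192.0.2.10 -j DROP` would produce.
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -i eth0 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT'

# shadowing_rules RULES IP (hypothetical helper)
# Prints every ACCEPT rule in INPUT that is evaluated before the DROP rule
# for IP and is not limited to a different source, i.e. rules that can accept
# the packet first. Simplification: only exact -s matches are compared;
# CIDR ranges and "!" negation are not interpreted.
shadowing_rules() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 != "-A" || $2 != "INPUT" { next }      # skip policy lines, other chains
        {
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            sub(/\/32$/, "", src)                  # "-s a.b.c.d/32" means one host
        }
        target == "DROP" && src == ip { exit }    # reached our DROP: stop scanning
        target == "ACCEPT" && (src == "" || src == ip) { print }
    '
}

echo "DROP appended last; ACCEPT rules evaluated before it:"
shadowing_rules "$SAMPLE_RULES" 192.0.2.10
echo "DROP inserted first; ACCEPT rules evaluated before it:"
shadowing_rules "$FIXED_RULES" 192.0.2.10
```

On a live system the listing would come from `iptables -S INPUT` run as root instead of the embedded samples.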