Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

IPTABLES and blocking access

Posted on 2007-12-04
3
Medium Priority
?
225 Views
Last Modified: 2010-04-22
I have iptables running on a CENTOS 4.5 server.  I am getting significant requests for "CONNECT" from a Chinese friend that I would like to have go away.  I have added
-A INPUT -s 122.126.0.0/16 -j DROP  

But I keep seeing the 122.126.x.x ips showing up in the logs -- is there perhaps something wrong with the instruction?

I found in the database an answer that suggested
iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 --dport 80 -m string --string "SEARCH"

Would CONNECT do the same thing -- I am assuming that because "he" keeps getting in that he is masking the true ip address

thanks
0
Comment
Question by:Len45
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 2000 total points
ID: 20408609
You may find that rules above what you have appended are accepting his connection, eg INPUT -p tcp --dport 80 -j ACCEPT or similar.

Try: iptables -I INPUT 1 -s 122.126.0.0/16 -j DROP

This will make sure that the first rule will match and drop the packets before they hit apache.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20408613
And you will need to remove the last rule in INPUT, just to keep the rules clean.
0
 

Author Comment

by:Len45
ID: 20412125
Thanks, WizRd

I am going to assume that your solution will work!  
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question