Solved

IPTABLES and blocking access

Posted on 2007-12-04
3
216 Views
Last Modified: 2010-04-22
I have iptables running on a CENTOS 4.5 server.  I am getting significant requests for "CONNECT" from a Chinese friend that I would like to have go away.  I have added
-A INPUT -s 122.126.0.0/16 -j DROP  

But I keep seeing the 122.126.x.x ips showing up in the logs -- is there perhaps something wrong with the instruction?

I found in the database an answer that suggested
iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 --dport 80 -m string --string "SEARCH"

Would CONNECT do the same thing -- I am assuming that because "he" keeps getting in that he is masking the true ip address

thanks
0
Comment
Question by:Len45
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 500 total points
ID: 20408609
You may find that rules above what you have appended are accepting his connection, eg INPUT -p tcp --dport 80 -j ACCEPT or similar.

Try: iptables -I INPUT 1 -s 122.126.0.0/16 -j DROP

This will make sure that the first rule will match and drop the packets before they hit apache.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20408613
And you will need to remove the last rule in INPUT, just to keep the rules clean.
0
 

Author Comment

by:Len45
ID: 20412125
Thanks, WizRd

I am going to assume that your solution will work!  
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question