Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

IPTABLES and blocking access

Posted on 2007-12-04
3
Medium Priority
?
223 Views
Last Modified: 2010-04-22
I have iptables running on a CENTOS 4.5 server.  I am getting significant requests for "CONNECT" from a Chinese friend that I would like to have go away.  I have added
-A INPUT -s 122.126.0.0/16 -j DROP  

But I keep seeing the 122.126.x.x ips showing up in the logs -- is there perhaps something wrong with the instruction?

I found in the database an answer that suggested
iptables -I INPUT -j DROP -p tcp -s 0.0.0.0/0 --dport 80 -m string --string "SEARCH"

Would CONNECT do the same thing -- I am assuming that because "he" keeps getting in that he is masking the true ip address

thanks
0
Comment
Question by:Len45
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 2000 total points
ID: 20408609
You may find that rules above what you have appended are accepting his connection, eg INPUT -p tcp --dport 80 -j ACCEPT or similar.

Try: iptables -I INPUT 1 -s 122.126.0.0/16 -j DROP

This will make sure that the first rule will match and drop the packets before they hit apache.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20408613
And you will need to remove the last rule in INPUT, just to keep the rules clean.
0
 

Author Comment

by:Len45
ID: 20412125
Thanks, WizRd

I am going to assume that your solution will work!  
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question