IPTABLES and blocking access

Posted on 2007-12-04
Last Modified: 2010-04-22
I have iptables running on a CentOS 4.5 server. I am getting significant requests for "CONNECT" from a Chinese friend that I would like to have go away. I have added
-A INPUT -s -j DROP  

But I keep seeing the 122.126.x.x IPs showing up in the logs -- is there perhaps something wrong with the instruction?

I found in the database an answer that suggested
iptables -I INPUT -j DROP -p tcp -s --dport 80 -m string --string "SEARCH"

Would CONNECT do the same thing? I am assuming that because "he" keeps getting in that he is masking the true IP address.

Question by:Len45

Accepted Solution

WizRd-Linux earned 2000 total points
ID: 20408609
You may find that rules above what you have appended are accepting his connection, e.g. INPUT -p tcp --dport 80 -j ACCEPT or similar.

Try: iptables -I INPUT 1 -s -j DROP

This will make sure that the first rule will match and drop the packets before they hit apache.

Expert Comment

ID: 20408613
And you will need to remove the last rule in INPUT, just to keep the rules clean.

Author Comment

ID: 20412125
Thanks, WizRd

I am going to assume that your solution will work!  
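
The rule-ordering point from the accepted solution, as an added example that is not part of the original thread: a small first-match simulator showing why an appended DROP is shadowed by an earlier ACCEPT while the same rule inserted at position 1 takes effect. The sample chain and the 203.0.113.0/24 source are constructed (the post omits the real address), and only -s, -p, --dport and -j are modelled.

```python
import ipaddress
import shlex

OPTS = {"-s": "src", "-p": "proto", "--dport": "dport", "-j": "target"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse_rule(line):
    """Parse an `iptables -S` style line; only -s, -p, --dport and -j are modelled."""
    tok = shlex.split(line)
    rule = {"text": line, "src": None, "proto": None, "dport": None, "target": None}
    for flag, value in zip(tok[2:], tok[3:]):
        if flag in OPTS:
            rule[OPTS[flag]] = value
    if rule["src"]:
        rule["src"] = ipaddress.ip_network(rule["src"], strict=False)
    return rule

def matches(rule, src, proto, dport):
    """A criterion that is absent from the rule matches any packet."""
    if rule["src"] and ipaddress.ip_address(src) not in rule["src"]:
        return False
    if rule["proto"] and rule["proto"] != proto:
        return False
    return not rule["dport"] or int(rule["dport"]) == dport

def verdict(rules, src, proto, dport, policy="ACCEPT"):
    """First matching terminating rule decides; returns (target, 1-based position)."""
    for pos, rule in enumerate(rules, start=1):
        if rule["target"] in TERMINATING and matches(rule, src, proto, dport):
            return rule["target"], pos
    return policy, None

# Constructed sample chain and source address (the post omits the real one).
BASE = [parse_rule(l) for l in (
    "-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
)]
BLOCK = parse_rule("-A INPUT -s 203.0.113.0/24 -j DROP")

APPENDED = BASE + [BLOCK]   # what `-A INPUT ... -j DROP` produces
INSERTED = [BLOCK] + BASE   # what `-I INPUT 1 ... -j DROP` produces

if __name__ == "__main__":
    for name, chain in (("appended", APPENDED), ("inserted", INSERTED)):
        target, pos = verdict(chain, "203.0.113.7", "tcp", 80)
        print(f"{name}: {target} by rule {pos}: {chain[pos - 1]['text']}")
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the same ordering along with per-rule packet counters, so a DROP rule whose counter stays at zero is being shadowed by something above it.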
