On 11/1/2011 5:07 PM, Alex wrote:
Yes, quite easy. Just doing it manually for now:
# Create the LOGDROP chain iptables -N LOGDROP iptables -F LOGDROP iptables -A LOGDROP -j LOG --log-prefix "LOGDROP " iptables -A LOGDROP -j DROP
iptables -j LOGDROP -I INPUT -s<offending_ip> -d<my_ip> -p tcp --dport 80
This will log each attempt to syslog, or just replace the LOGDROP in the last rule with DROP to avoid the logging.
Best regards, Alex
Alex:
Thanks. If you bear with a couple "hopefully-not-too-naive" questions ...
I seems to me that you are saying the actions you wish to stop are from "s <offending_ip>" using "-p tcp" ... why the need to specify the destination of "-d <my_ip>" (since if this iptables rule is called, it must have reached me regardless of my_ip) and "--dport 80" (would there be any destination port that I would allow such action from this offending_ip to occur on?).
I am seeing in the default F14 iptables:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
This looks to me like tcp on dport 22 is allowed and there I would think that the minimal change would be to insert a rule before this which says "anything from offending_ip via tcp should be rejected".
I'm still trying to get comfortable with iptables and, even though there is alot of stuff out there, I'm still working to get the necessary critical mass of understanding so it all falls into place. This thread looked like a good chance to see if I'm closer to understanding.
Appreciate in advance, Paul