deny http access based on IP on FC3
ncherry at comcast.net
Mon Jan 23 17:11:02 UTC 2006
Andy Green wrote:
> yonas abraham wrote:
>> I want to block a given IP from accessing my site, which is running
>> apache on a fully up-to-date FC3 machine.
>> I thought I would just put the IP in /etc/hosts.deny and restart the
>> machine. But it is not working. I can block access to sshd very
>> simply by adding the IP or sshd: IP and it works fine.
>> I wouldn't mind blocking every service to that IP in my machine but
>> preferably only httpd block.
> iptables -I INPUT -p tcp --dport 80 -s 18.104.22.168 -j DROP
> service iptables save
> will do what you need. Leave out the --dport 80 to make the guy coming
> from 22.214.171.124 unable to touch your box at all in tcp.
But be aware that he may still be able to get to your UDP services.
Linux Home Automation Neil Cherry ncherry at linuxha.com
http://www.linuxha.com/ Main site
http://linuxha.blogspot.com/ My HA Blog
http://home.comcast.net/~ncherry/ Backup site
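
Added example, not part of the original messages: a small sh wrapper around the rule quoted above that shows the three scopes discussed in the thread (port 80 only, all TCP, and every protocol, which also closes the UDP gap). The function names, the DRY_RUN variable and the address 192.0.2.10 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (or applies) the DROP rule for
# one of three scopes: http (port 80 only), tcp (all TCP), all (every protocol).
# DRY_RUN=1 (default) only prints; DRY_RUN=0 runs the commands and needs root.
DRY_RUN="${DRY_RUN:-1}"

# Accept only a dotted-quad IPv4 address with each octet in 0..255, so that
# nothing else can reach the iptables command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables command for the given source address and scope.
block_rule() {
    ip=$1; scope=$2
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case "$scope" in
        http) echo "iptables -I INPUT -p tcp --dport 80 -s $ip -j DROP" ;;
        tcp)  echo "iptables -I INPUT -p tcp -s $ip -j DROP" ;;
        # No -p match: the rule also covers UDP and ICMP from that source.
        all)  echo "iptables -I INPUT -s $ip -j DROP" ;;
        *)    echo "scope must be http, tcp or all" >&2; return 2 ;;
    esac
}

# Print the rule plus the save step, or run both when DRY_RUN=0.
block_ip() {
    rule=$(block_rule "$1" "$2") || return $?
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n%s\n' "$rule" "service iptables save"
    else
        $rule && service iptables save
    fi
}

# Usage: sh block_ip.sh 192.0.2.10 all   (192.0.2.10 is a constructed address)
if [ "$#" -ge 2 ]; then block_ip "$1" "$2"; fi
```

After applying a rule, `iptables -L INPUT -n --line-numbers` shows where it sits in the chain.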