Apache vulnerability?
Paul Allen Newell
pnewell at cs.cmu.edu
Wed Nov 2 00:34:21 UTC 2011
On 11/1/2011 5:07 PM, Alex wrote:
>
> Yes, quite easy. Just doing it manually for now:
>
> # Create the LOGDROP chain
> iptables -N LOGDROP
> iptables -F LOGDROP
> iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
> iptables -A LOGDROP -j DROP
>
> iptables -j LOGDROP -I INPUT -s<offending_ip> -d<my_ip> -p tcp --dport 80
>
> This will log each attempt to syslog, or just replace the LOGDROP in
> the last rule with DROP to avoid the logging.
>
> Best regards,
> Alex
Alex:
Thanks. If you bear with a couple "hopefully-not-too-naive" questions ...
I seems to me that you are saying the actions you wish to stop are from
"s <offending_ip>" using "-p tcp" ... why the need to specify the
destination of "-d <my_ip>" (since if this iptables rule is called, it
must have reached me regardless of my_ip) and "--dport 80" (would there
be any destination port that I would allow such action from this
offending_ip to occur on?).
I am seeing in the default F14 iptables:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
This looks to me like tcp on dport 22 is allowed and there I would think
that the minimal change would be to insert a rule before this which says
"anything from offending_ip via tcp should be rejected".
I'm still trying to get comfortable with iptables and, even though there
is alot of stuff out there, I'm still working to get the necessary
critical mass of understanding so it all falls into place. This thread
looked like a good chance to see if I'm closer to understanding.
Appreciate in advance,
Paul
More information about the users
mailing list