Apache vulnerability?

Paul Allen Newell pnewell at cs.cmu.edu
Wed Nov 2 00:34:21 UTC 2011

On 11/1/2011 5:07 PM, Alex wrote:
> Yes, quite easy. Just doing it manually for now:
> # Create the LOGDROP chain
> iptables -N LOGDROP
> iptables -F LOGDROP
> iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
> iptables -A LOGDROP -j DROP
> iptables -j LOGDROP -I INPUT -s<offending_ip>  -d<my_ip>  -p tcp --dport 80
> This will log each attempt to syslog, or just replace the LOGDROP in
> the last rule with DROP to avoid the logging.
> Best regards,
> Alex


Thanks. If you bear with a couple "hopefully-not-too-naive" questions ...

I seems to me that you are saying the actions you wish to stop are from 
"s <offending_ip>" using "-p tcp" ... why the need to specify the 
destination of "-d <my_ip>" (since if this iptables rule is called, it 
must have reached me regardless of my_ip) and "--dport 80" (would there 
be any destination port that I would allow such action from this 
offending_ip to occur on?).

I am seeing in the default F14 iptables:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

This looks to me like tcp on dport 22 is allowed and there I would think 
that the minimal change would be to insert a rule before this which says 
"anything from offending_ip via tcp should be rejected".

I'm still trying to get comfortable with iptables and, even though there 
is alot of stuff out there, I'm still working to get the necessary 
critical mass of understanding so it all falls into place. This thread 
looked like a good chance to see if I'm closer to understanding.

Appreciate in advance,

More information about the users mailing list