
Blocking an IP with iptables



Hello list... My situation is as follows.. I want to block a specific IP with IPTABLES, call it X.Y.Z.T. The problem is that before defining the blocking rule, I allow everyone access to port 80. When I run "iptables -L", I get the following:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.0/16 pitufina.108.168.192.in-addr.arpa tcp dpt:www flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- 192.168.0.0/16 pitufina.108.168.192.in-addr.arpa tcp dpt:https flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- 192.168.0.0/16 pitufina.108.168.192.in-addr.arpa tcp dpt:webcache flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- 192.168.0.0/16 pitufina.108.168.192.in-addr.arpa tcp dpt:52673 flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- anywhere pitufina.108.168.192.in-addr.arpa tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- 172.25.1.34 pitufina.108.168.192.in-addr.arpa tcp dpt:www flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- 172.25.1.34 pitufina.108.168.192.in-addr.arpa tcp dpt:https flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT tcp -- 172.25.1.34 pitufina.108.168.192.in-addr.arpa tcp dpt:webcache flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT udp -- ouija pitufina.108.168.192.in-addr.arpa udp dpts:5004:5082
ACCEPT udp -- ouija pitufina.108.168.192.in-addr.arpa udp dpts:10000:20049
DROP all -- 192.168.102.5 pitufina.108.168.192.in-addr.arpa
DROP all -- 192.168.109.25 pitufina.108.168.192.in-addr.arpa
DROP all -- 192.168.102.142 pitufina.108.168.192.in-addr.arpa
DROP all -- 192.168.109.169 pitufina.108.168.192.in-addr.arpa

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

However, the IPs I want to forbid can still get in... should I do the block before allowing the traffic to port 80? Thanks

--
.---------------------------------------------------------------------.
| Miguel J. Jiménez                                                   |
| Senior Programmer                                                   |
| Internet Area                                                       |
| migueljose.jimenez@isotrol.com                                      |
:---------------------------------------------------------------------:
| ISOTROL, S.A.                                                       |
| Edificio BLUENET, Avda. Isaac Newton nº3, 4ª planta.                |
| Parque Tecnológico Cartuja '93, 41092 Sevilla (ESP).                |
| Telephone: +34 955 036 800 (ext.1805) - Fax: +34 955 036 849        |
| http://www.isotrol.com                                              |
:---------------------------------------------------------------------:
|   "Violence has resolved more conflicts than anything else. The     |
|   contrary opinion that violence doesn't solve anything is merely   |
|   wishful thinking at its worst." Jean Rasczak - Starship Troopers  |
'---------------------------------------------------------------------'
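The question above comes down to rule order. iptables walks a chain from top to bottom and the first matching terminating rule decides the packet, so a DROP appended with -A after an ACCEPT for port 80 is never reached by a NEW connection from that source, and the "state RELATED,ESTABLISHED" ACCEPT near the top keeps already-open connections from that host alive as well. The Python model below is an added example, not part of the original mail or of iptables itself: it reproduces that first-match walk over a reduced copy of the posted INPUT chain. The function names, the reduced rule set and the test packets are my own construction; the blocked address 192.168.102.5 is taken from the listing in the mail.

```python
"""Model of iptables first-match chain evaluation (added example, not from
the original post). The reduced INPUT chain mirrors the order shown in the
mail; 192.168.102.5 is one of the addresses the poster tries to DROP."""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def rule(target, src=ANY, proto=None, dport=None, states=None):
    """One iptables rule as a dict; None means 'no criterion on this field'."""
    return {"target": target, "src": ipaddress.ip_network(src),
            "proto": proto, "dport": dport, "states": states}


def matches(r, pkt):
    """True when every criterion the rule carries matches the packet."""
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["proto"] is not None and r["proto"] != pkt["proto"]:
        return False
    if r["dport"] is not None and r["dport"] != pkt["dport"]:
        return False
    if r["states"] is not None and pkt["state"] not in r["states"]:
        return False
    return True


def first_match(chain, pkt, policy="DROP"):
    """Walk the chain top to bottom; the first matching rule's target wins,
    otherwise the chain policy applies (policy DROP, as in the mail)."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy


def build_input_chain(block_first):
    """Reduced copy of the posted chain, as built with `iptables -A INPUT`.
    block_first=False appends the DROP at the end (the poster's situation);
    block_first=True models `iptables -I INPUT 1 -s 192.168.102.5 -j DROP`."""
    block = rule("DROP", src="192.168.102.5/32")
    chain = [
        rule("ACCEPT", states={"RELATED", "ESTABLISHED"}),
        rule("ACCEPT", src="192.168.0.0/16", proto="tcp", dport=80, states={"NEW"}),
        rule("ACCEPT", src="192.168.0.0/16", proto="tcp", dport=443, states={"NEW"}),
        rule("ACCEPT", proto="tcp", dport=22, states={"NEW"}),
    ]
    return [block] + chain if block_first else chain + [block]


def verdict(block_first, src="192.168.102.5", state="NEW"):
    """Verdict for a TCP packet to port 80 from `src` in conntrack state `state`
    (constructed test packet)."""
    pkt = {"src": src, "proto": "tcp", "dport": 80, "state": state}
    return first_match(build_input_chain(block_first), pkt)


if __name__ == "__main__":
    # The appended DROP is shadowed by the earlier ACCEPT for 192.168.0.0/16:80.
    print("DROP appended after ACCEPT  :", verdict(False))
    # Inserted at position 1 it is evaluated before anything else.
    print("DROP inserted at position 1 :", verdict(True))
    # Other hosts in the LAN range are unaffected by the block.
    print("other LAN host, DROP first  :", verdict(True, src="192.168.5.7"))
    # An already-established flow is also caught only when the DROP comes first.
    print("established, DROP appended  :", verdict(False, state="ESTABLISHED"))
    print("established, DROP first     :", verdict(True, state="ESTABLISHED"))
```

The practical consequence for the real firewall is the same as in the model: add the block with `iptables -I INPUT 1 -s X.Y.Z.T -j DROP` (insert at position 1) rather than `-A`, and check the resulting order with `iptables -L INPUT -n --line-numbers`. Placing the DROP above the RELATED,ESTABLISHED rule also cuts connections that were open before the rule was added, which is usually what is wanted when blocking a host.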
