Re: iptables newbie
On Saturday 08 October 2005 08:27 pm, James Gibbon wrote:
> if I try to block the aforementioned SOB's ip address on the filter
> table (when -t isn't specified it is supposed to go to the filter
> table):
> # iptables -A INPUT -s 123.45.67.89 <http://123.45.67.89> -j DROP
> I get:
> iptables: No chain/target/match by that name
Just leave out the "<http://...>" part to block everything coming in from
that IP, no matter what its destination is.
> but iptables is already installed. hmmm. what next? any ideas?
If you've gotten as far as iptables complaining about the rule, it's
installed, the module is loaded, and there's no conflicting packetfilter
stuff around. It's working, in other words -- all you have to do is get
the syntax right, and it'll start filtering.
'iptables -n -L' will show you what chains and rules are there (the -n
turns off DNS lookup).
'iptables -nv -L' will tell you which rules have been matched and how many
times.
I can't say what to do about boot startup. I'm writing a big shell script,
and I'm just going to start that.
Firewalling, of course, is a huge subject. If that's what you're trying to
do, you're going to have to get a big thick book and read it. If all you
want is to stomp a few spammers, you won't need much more than that one
command: 'iptables -A INPUT -s <spammerIP> -j DROP'.
--
Glenn English
ghe@slsware.com
GPG ID: D0D7FF20
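
An added example, not part of the original message: a POSIX shell sketch that only emits the DROP command from this thread when the source argument is a bare IPv4 address, so pasted debris such as "<http://...>" is rejected before it reaches iptables. The function names (is_ipv4, drop_rule, emit_rules) are hypothetical, and the -C existence check assumes iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example, not from the original thread.

# is_ipv4 ADDR: succeed only if ADDR is a bare dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;   # empty, stray characters, or trailing dot
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                          # split into octets on the dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|????*) return 1 ;;      # empty field or more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# drop_rule ADDR: print a command that appends the DROP rule unless an
# identical rule already exists (-C needs iptables 1.4.11 or later).
drop_rule() {
    if is_ipv4 "$1"; then
        printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -A INPUT -s %s -j DROP\n' "$1" "$1"
    else
        printf 'rejected, not a bare IPv4 address: %s\n' "$1" >&2
        return 1
    fi
}

# emit_rules ADDR...: print rules for the valid addresses; fail if any was rejected.
emit_rules() {
    status=0
    for addr in "$@"; do
        drop_rule "$addr" || status=1
    done
    return "$status"
}

# Print the rules for review when addresses are given on the command line.
if [ "$#" -gt 0 ]; then
    emit_rules "$@"
fi
```

The script only prints commands; review the output, then run it as root to apply the rules.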