Re: iptables: banning ip ranges?

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: iptables: banning ip ranges?
From: Marco Romano <marco@pito.mine.nu>
Date: Wed, 26 Nov 2008 10:02:03 +0100
Message-id: <[🔎] 492D108B.5080701@pito.mine.nu>
In-reply-to: <[🔎] ecfa260c0811252341l760ea734h8afdd082703266ba@mail.gmail.com>
References: <[🔎] ecfa260c0811252341l760ea734h8afdd082703266ba@mail.gmail.com>

Zach Uram has written:

How can I use iptables to:

1) ban a specific ip address
2) ban a specific subnet such as 128.2.0.xxx

It depends on how you set the INPUT chain policy. If, as in most cases,it is set to ACCEPT, then you just have to add a rule that tellsiptables to drop any packet coming from a given ipaddress:


# iptables -A INPUT -s 1.2.3.4 -j DROP

or from a subnet (CIDR notation):

# iptables -A INPUT -s 128.2.0.0/24 -j DROP

Make sure to put them *before* any all-pass rule, like this:

# iptables -A INPUT -j ACCEPT

Also how could I un-ban them at a later date?


just substitute -D for -A:

# iptables -D INPUT -s 1.2.3.4 -j DROP

--
Kind regards,
                                                          Marco Romano.

Reply to:

References:
- iptables: banning ip ranges?
  - From: "Zach Uram" <netrek@gmail.com>

Prev by Date: Re: Fw: shorewall newbie Revisit: new IP
Next by Date: Re: Erase cache, clean registry in Linux
Previous by thread: iptables: banning ip ranges?
Next by thread: shutdown -r hangs
Index(es):
- Date
- Thread