Block IP addresses: Difference between revisions

From WickyWiki
No edit summary
m 15 revisions
 
(One intermediate revision by one other user not shown)
Line 53: Line 53:
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
sudo service firestarter restart
sudo service firestarter restart
</syntaxhighlight>
== Clear all iptables settings ==
<syntaxhighlight lang=bash>
sudo -i
IPTABLES="$(which iptables)"
# RESET DEFAULT POLICIES
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
# FLUSH ALL RULES, ERASE NON-DEFAULT CHAINS
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
exit
</syntaxhighlight>
</syntaxhighlight>
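Review bot: the new "Clear all iptables settings" block ends with every policy at ACCEPT and every chain flushed, which also removes the DROP rules loaded from /etc/firestarter/user-post, and the section never says so. State that the host is unfiltered afterwards and follow the block with `sudo service firestarter restart` if the block list should come back. The policy reset is also incomplete: in the mangle table only PREROUTING and OUTPUT are reset, so add `-P ... ACCEPT` lines for mangle INPUT, FORWARD and POSTROUTING, and note that ip6tables is not touched. `sudo -i` opens an interactive root shell, so the later lines only run as root when typed into that shell; the block will not work pasted or saved as a script. Finally, the added `</syntaxhighlight>` after the restart command together with the one already closing the old block leaves a stray closing tag after `exit`.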



Latest revision as of 07:26, 5 July 2013

Install

Install Firestarter GUI for iptables:

See also: Configure iptables Firewall

Fix syslog error at startup

sudo gedit /etc/rsyslog.d/99-fixlog.conf

Put the following in that file:

*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none -/var/log/messages

Then restart rsyslog:

sudo service rsyslog restart

Enable block rule

To block 123.11.112.1 with iptables:

sudo iptables -I INPUT -s 123.11.112.1 -j DROP

To enable this functionality in Firestarter, edit this file:

sudo gedit /etc/firestarter/user-post

Add the following line to the /etc/firestarter/user-post file:

$IPT -I INPUT -s 123.11.112.1 -j DROP

Restart service:

sudo service firestarter restart
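
The steps above cover one address. The following added example (not part of the original wiki page) generalizes them to a whole blocklist and validates each entry strictly, since anything written to /etc/firestarter/user-post is later run as shell code. The function names `is_ipv4`, `gen_block_rules` and `sample_blocklist` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: build Firestarter user-post DROP rules from a blocklist.
# Function names and sample entries are constructed for illustration.

# Succeed only for a strict dotted-quad IPv4 address with optional /0-32 prefix.
is_ipv4() {
    addr=${1%%/*}
    case $1 in */*)
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    # Split on dots; addr holds only digits and dots here, so no globbing.
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# Read one entry per line on stdin ("#" starts a comment). Print one rule per
# unique valid address; report rejects on stderr and return 1 if there were any.
gen_block_rules() {
    seen=" "; rc=0
    while read -r entry rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        case $rest in ''|'#'*) ;; *) entry="$entry $rest" ;; esac
        if ! is_ipv4 "$entry"; then
            printf 'rejected: %s\n' "$entry" >&2; rc=1; continue
        fi
        case $seen in *" $entry "*) continue ;; esac   # duplicate
        seen="$seen$entry "
        # $IPT stays literal, as in the page's user-post line.
        printf '$IPT -I INPUT -s %s -j DROP\n' "$entry"
    done
    return $rc
}

# Constructed sample input: the page's address, a documentation range,
# a duplicate, and two entries that must never reach user-post.
sample_blocklist() {
    printf '%s\n' '# abusive hosts' '123.11.112.1' '198.51.100.0/24' \
        '123.11.112.1  # seen again' '203.0.113.7; echo injected' '999.1.1.1'
}

sample_blocklist | gen_block_rules || echo "some entries were rejected" >&2
```

Review the printed rules before adding them to /etc/firestarter/user-post, then restart Firestarter as shown above.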