Block IP addresses: Difference between revisions
From WickyWiki
| Line 54: | Line 54: | ||
== iptables settings == | == iptables settings == | ||
List iptables settings: | List iptables settings: | ||
| Line 60: | Line 61: | ||
sudo iptables -vnL | sudo iptables -vnL | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Configuring iptables: | |||
* http://www.lammertbies.nl/comm/info/iptables.html | |||
== Clear all iptables settings == | == Clear all iptables settings == | ||
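Review bot: the bullet added under "Configuring iptables:" is a bare URL with no label, so a reader cannot tell what the linked page covers or find a replacement if the link dies. Give it a titled external link with a few words on what it documents. The address is also plain http, so an https form would be preferable if the site serves one.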
Revision as of 10:57, 6 January 2013
Install
Install Firestarter GUI for iptables:
Fix syslog error at startup
sudo gedit /etc/rsyslog.d/99-fixlog.conf
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
sudo service rsyslog restart
Enable block rule
To block 123.11.112.1 with iptables:
sudo iptables -I INPUT -s 123.11.112.1 -j DROP
To enable this functionality in Firestarter, edit this file:
sudo gedit /etc/firestarter/user-post
Add the following line to the /etc/firestarter/user-post file:
$IPT -I INPUT -s 123.11.112.1 -j DROP
Restart service:
sudo service firestarter restart
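When more than one address has to go into user-post, a small helper keeps the file clean. The script below is an added example, not part of the original wiki page or of Firestarter: it validates the address and appends the page's rule line only if it is not already present. The function names and the scratch file are hypothetical, and it assumes, as the $IPT variable in the page's line suggests, that Firestarter runs the file as shell script, which is why unvalidated text must never be appended to it.

```shell
#!/bin/sh
# Added example, not from the wiki page. Appends block rules in the page's
# "$IPT -I INPUT -s <ip> -j DROP" form to a rules file.

# Accept only a dotted quad with four decimal octets in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        case $octet in
            ????*|0?*) return 1 ;;   # too long, or ambiguous leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# block_ip ADDRESS FILE: add one DROP line for ADDRESS unless already there.
block_ip() {
    is_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    rule="\$IPT -I INPUT -s $1 -j DROP"
    # -F: dots are literal, not regex wildcards; -x: the whole line must match
    if [ -f "$2" ] && grep -qxF -- "$rule" "$2"; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$2"
}

# Demo on a scratch file (hypothetical; the real target would be
# /etc/firestarter/user-post, edited as root).
demo_file=$(mktemp)
block_ip 123.11.112.1 "$demo_file"
block_ip 123.11.112.1 "$demo_file"                            # duplicate, no new line
block_ip '123.11.112.1; id' "$demo_file" 2>/dev/null || true  # constructed bad input, rejected
cat "$demo_file"
rm -f "$demo_file"
```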
iptables settings
List iptables settings:
sudo iptables -vnL
Configuring iptables:
* http://www.lammertbies.nl/comm/info/iptables.html
Clear all iptables settings
sudo -i
IPTABLES="$(which iptables)"
# RESET DEFAULT POLICIES
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
# FLUSH ALL RULES, ERASE NON-DEFAULT CHAINS
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
exit