Block IP addresses: Difference between revisions
From WickyWiki
No edit summary |
|||
| Line 4: | Line 4: | ||
* https://help.ubuntu.com/community/IptablesHowTo | * https://help.ubuntu.com/community/IptablesHowTo | ||
See also: [[Configure iptables | See also: [[Configure iptables Firewall]] | ||
== Fix syslog error at startup == | == Fix syslog error at startup == | ||
Revision as of 11:04, 6 January 2013
Install
Install Firestarter GUI for iptables:
See also: Configure iptables Firewall
Fix syslog error at startup
sudo gedit /etc/rsyslog.d/99-fixlog.conf
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
sudo service rsyslog restart
Enable block rule
To block 123.11.112.1 with iptables:
sudo iptables -I INPUT -s 123.11.112.1 -j DROP
To enable this functionality in Firestarter, edit this file:
sudo gedit /etc/firestarter/user-post
Add the following line to the /etc/firestarter/user-post file:
$IPT -I INPUT -s 123.11.112.1 -j DROP
Restart service:
sudo service firestarter restart
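An added example, not part of the original wiki page: a POSIX shell script that turns a blocklist read from standard input into the `$IPT -I INPUT -s ... -j DROP` lines used in /etc/firestarter/user-post, validating each entry and dropping duplicates so malformed input never reaches iptables. The function names `is_ipv4` and `block_rules` and the sample blocklist are assumptions made for illustration.

```shell
#!/bin/sh
# is_ipv4 ADDR: succeed only for a plain dotted-quad IPv4 address.
# Hostnames, CIDR suffixes, empty octets and leading zeros are rejected.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split into octets; safe, only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# block_rules: read one address per line from stdin ("#" starts a comment) and
# print one user-post line per unique valid address. Invalid entries are
# reported on stderr and skipped.
block_rules() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        addr=${line%%#*}                                  # strip trailing comment
        addr=$(printf '%s' "$addr" | tr -d ' \t\r')      # strip whitespace and CR
        [ -n "$addr" ] || continue
        if ! is_ipv4 "$addr"; then
            printf 'skipping invalid entry: %s\n' "$addr" >&2
            continue
        fi
        case $seen in *" $addr "*) continue ;; esac       # already emitted
        seen="$seen$addr "
        printf '$IPT -I INPUT -s %s -j DROP\n' "$addr"
    done
}

# Constructed sample blocklist (192.0.2.10 is a documentation-range address).
block_rules <<'EOF'
123.11.112.1
# addresses added by hand
192.0.2.10   # second entry
123.11.112.1
999.1.1.1
example.com
EOF
```

Append the printed lines to /etc/firestarter/user-post (for example through `sudo tee -a`) and restart Firestarter as shown above.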
iptables settings
List iptables settings:
sudo iptables -vnL
Clear all iptables settings
sudo -i
IPTABLES="$(which iptables)"
# RESET DEFAULT POLICIES
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
# FLUSH ALL RULES, ERASE NON-DEFAULT CHAINS
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
exit