Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: IPtable
Top Forums UNIX for Dummies Questions & Answers IPtable Post 302491468 by pludi on Thursday 27th of January 2011 02:13:40 PM
Old 01-27-2011
Sure. Eg, block anything not comming from the 192.168.0.0/24 network:
Code:
iptables -I INPUT 1 '!' --src 192.168.0.0/24 -j DROP

For a larger list it's probably better to create a special chain:
Code:
iptables -N whitelist
iptables -A whitelist --src 192.168.0.0/24 -j ACCEPT
iptables -A whitelist --src 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j whitelist
iptables -A INPUT -p udp --port 53 -j whitelist

In the second example all incoming packets are first matched for their protocol and port, and only then where they are coming from.
This User Gave Thanks to pludi For This Post:
goossen
 

10 More Discussions You Might Find Interesting

1. Linux

IPtable rule help need

Hi, I need to configure iptable such that whatever request comes to 192.168.0.4 needs to forwarded to 192.168.0.50 and only port 80 and 443 needs to be forwarded others need to be blocked.... Thanks gr8 forum:) (1 Reply)
Discussion started by: iron_michael86
1 Replies

2. IP Networking

unable to find iptable service

Hi Am trying to check the service of iptables using /etc/init.d/iptables status but I am not even getting this file. # /etc/init.d/iptables status -bash: /etc/init.d/iptables: No such file or directory # I tried to check whether iptables rpm is installed or not, and it is... (2 Replies)
Discussion started by: mangeshpardhi
2 Replies

3. UNIX for Advanced & Expert Users

How iptables directs to localhost in this series of iptable rules

Hello, I have implimented a dansguardian system using dansguardian and privoxy. I borrowed a script from Ubuntu CE that makes it where a firewall program like firehol is not needed and it doesn't need a reconfigure of the proxy settings in browsers to be changed. I really like it that way. All... (7 Replies)
Discussion started by: Narnie
7 Replies

4. Red Hat

How to route multiple IP addresses with IPTABLE command?

Hi, We have a router and devices for testing. We route devices with below command iptables -t nat -A PREROUTING -p tcp -d 0/0 --dport 80 -s 10.111.111.22 -j DNAT --to-destination 10.13.0.16:3128 where 10.111.111.22 is device IP. and 10.13.0.16 is our Linux box machine. Likewise we... (4 Replies)
Discussion started by: Dhruvak
4 Replies

5. Ubuntu

iptable forward packet

Hi, I have the doubt which involved following configuration. comp1<--->main<--->comp2 Comp1 sends icmp packet to main. Main takes that packet and changes destination address to comp2 and source address to it own. I can capture the packet send from comp1 to main using netfilter. I can see the... (0 Replies)
Discussion started by: arsipk
0 Replies

6. Red Hat

Need help with Iptable/Firewall on RHEL.

Hi Gurus, I am facing an issue with firewalls on one of my Linux Box. Issue : Port 8001 looks open to me and there is a weblogic process running on it netstat -alnp | grep 8001 tcp 0 0 ::ffff:3.20.247.165:8001 :::* LISTEN 28768/java lsof -ni... (5 Replies)
Discussion started by: rama krishna
5 Replies

7. Ubuntu

Ubunut iptable not routing trafic between eth1 and eth0

hello, first of all i am new to unix so maybe my problem is very easy for many of you but is very important to me. So the idea is that i want to use a ubuntu 10.4 machine as a router from eth0 to eth1. but the traffic routing is nor working properly i configured the 2 interfaces to be... (2 Replies)
Discussion started by: florin.bv
2 Replies

8. Red Hat

iptable port forwarding between two lan interface

Hi, How can I config iptables to allow port forwarding from one WAN interface to second lan interface . In my system I have one wan interface 61.93.204.56 (eth0),and lan interface 10.2.1.52(eth1) I want to make port forward port no 22 from 61.93.204.56 to port 22 , 10.2.1.52 , tcp and udp... (1 Reply)
Discussion started by: chuikingman
1 Replies

9. UNIX for Advanced & Expert Users

Iptable and port forwarding

Hello, I have a routeur linksys (192.168.1.1 ) a firewall (192.168.1.55 IN ----> 192.168.2.254 OUT) which using iptable I want to acces to an equipment (lorex video camera serveur 192.168.2.44) which using an ddns service on the port 9000 So i don t know which redirection a will do on the... (2 Replies)
Discussion started by: tapharule
2 Replies

10. Proxy Server

IPtable rules for DNS/http/https traffic for specific hosts only, not working.

Hi there, I have a VPS and am working on a little side project for myself and friend which is a DNS proxy. Everything was great till recently. My VPS IP has been detected by some botnet or something, and I believe SMURF attacks are occuring. The VPS provider keeps shutting down my VPS... (3 Replies)
Discussion started by: phi0x
3 Replies

LEARN ABOUT DEBIAN

shorewall-blacklist

SHOREWALL-BLACKLIST(5)						  [FIXME: manual]					    SHOREWALL-BLACKLIST(5)

NAME

       blacklist - Shorewall Blacklist file

SYNOPSIS

       /etc/shorewall/blacklist

DESCRIPTION

       The blacklist file is used to perform static blacklisting. You can blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
       the alternate specification syntax).

       ADDRESS/SUBNET (networks) - {-|~mac-address|ip-address|address-range|+ipset}
	   Host address, network address, MAC address, IP address range (if your kernel and iptables contain iprange match support) or ipset name
	   prefaced by "+" (if your kernel supports ipset match). Exclusion (shorewall-exclusion[1](5)) is supported.

	   MAC addresses must be prefixed with "~" and use "-" as a separator.

	   Example: ~00-A0-C9-15-39-78

	   A dash ("-") in this column means that any source address will match. This is useful if you want to blacklist a particular application
	   using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (proto) - {-|[!]protocol-number|[!]protocol-name}
	   Optional - If specified, must be a protocol number or a protocol name from protocols(5).

       PORTS - {-|[!]port-name-or-number[,port-name-or-number]...}
	   Optional - may only be specified if the protocol is TCP (6) or UDP (17). A comma-separated list of destination port numbers or service
	   names from services(5).

       OPTIONS - {-|{dst|src|whitelist|audit}[,...]}
	   Optional - added in 4.4.12. If specified, indicates whether traffic from ADDRESS/SUBNET (src) or traffic to ADDRESS/SUBNET (dst) should
	   be blacklisted. The default is src. If the ADDRESS/SUBNET column is empty, then this column has no effect on the generated rule.

	       Note
	       In Shorewall 4.4.12, the keywords from and to were used in place of src and dst respectively. Blacklisting was still restricted to
	       traffic arriving on an interface that has the 'blacklist' option set. So to block traffic from your local network to an internet
	       host, you had to specify blacklist on your internal interface in shorewall-interfaces[2] (5).

	       Note
	       Beginning with Shorewall 4.4.13, entries are applied based on the blacklist setting in shorewall-zones[3](5):

		1. 'blacklist' in the OPTIONS or IN_OPTIONS column. Traffic from this zone is passed against the entries in this file that have
		   the src option (specified or defaulted).

		2. 'blacklist' in the OPTIONS or OUT_OPTIONS column. Traffic to this zone is passed against the entries in this file that have the
		   dst option.
	   In Shorewall 4.4.20, the whitelist option was added. When whitelist is specified, packets/connections that match the entry are not
	   matched against the remaining entries in the file.

	   The audit option was also added in 4.4.20 and causes packets matching the entry to be audited. The audit option may not be specified in
	   whitelist entries and require AUDIT_TARGET support in the kernel and iptables.

EXAMPLE

       Example 1:
	   To block DNS queries from address 192.0.2.126:

		       #ADDRESS/SUBNET	       PROTOCOL        PORT
		       192.0.2.126	       udp	       53

       Example 2:
	   To block some of the nuisance applications:

		       #ADDRESS/SUBNET	       PROTOCOL        PORT
		       -		       udp	       1024:1033,1434
		       -		       tcp	       57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES

       /etc/shorewall/blacklist

SEE ALSO

       http://shorewall.net/blacklisting_support.htm

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall-exclusion
	   http://www.shorewall.net/manpages/shorewall-exclusion.html

	2. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	3. shorewall-zones
	   http://www.shorewall.net/manpages/shorewall-zones.html

[FIXME: source] 						    06/28/2012						    SHOREWALL-BLACKLIST(5)
All times are GMT -4. The time now is 03:58 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy