I have a linux machine without iptables running and we have a new requirement to block a remote machine ( IP = 172.1.1.1 ) completely accessing our linux machine in both directions. So I need to allow "everything" except that IP address. So i tried below:
If I set the below in /etc/sysconfig/iptables file and do service iptables restart then everything is allowed (included the blocked IP)
Code:
# Default IPtables config
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [26:8868]
-A INPUT -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT --src 172.1.1.1 -j REJECT
-A OUTPUT --dst 172.1.1.1 -j REJECT
COMMIT
If I try the below then it blocks everything
Code:
# Default IPtables config
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [26:8868]
-A INPUT --src 172.1.1.1 -j REJECT
-A OUTPUT --dst 172.1.1.1 -j REJECT
-A INPUT -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
I'm new to iptables and not sure what am I doing wrong, appreciate if any expert could help me out here please
I have 2 LAN's, seperated by a firewall, running iptables on it.
I want only allow ftp access from one to the other LAN.
Server 1 in LAN 1 should have ftp access to Server 2 in LAN 2
Server 2 in LAN 2 should not have ftp access to Server 1 in LAN 1.
Can someone tell me how to set up the... (5 Replies)
Hi
I am looking to block an incomming IP for all the subnet in lab area. Only single Ip from Lab should be access to this incomming IP.
Block IP=10.20.50.xx
Subnet=10.30.40.xx
............................
...........................
Subnet=10.40.50.xx
can anyone explain how to do... (2 Replies)
10-21-2015
