Re: apache being bombarded

From: Rodrigo Barbosa (rodrigob@tisbrasil.com.br)
Date: 03/13/02


Date: Wed, 13 Mar 2002 14:15:25 -0300
From: Rodrigo Barbosa <rodrigob@tisbrasil.com.br>
To: Mauricio Pretto <pretto@interage.com.br>

Okay, I got your point. Just to clarify it, in case some other reader didn't
get it.

iptables -A -> will add to the end of the chain
iptables -I (without rulenum) -> will add as the first entry on the chain

I just looked at the summary of the manpage, where it states:

       iptables -[RI] chain rulenum rule-specification [options]

And not

       iptables -[RI] chain [rulenum] rule-specification [options]

Maybe an update of the manpage is in order?

On Wed, Mar 13, 2002 at 02:12:48PM -0300, Mauricio Pretto wrote:
> It's optional, the rulenum
> Rodrigo Barbosa wrote:
> >On Mon, Mar 11, 2002 at 10:09:31AM +0100, Christian Gothe wrote:
> >>Geert Hauwaerts writes:
> >>
> >>>Add them in your firewall
> >>>iptables -A INPUT -i eth0 -s THERE_IP -j DROP
> >>>
> >>iptables -I INPUT -i eth0 -s THERE_IP -j DROP is the better choice in
> >>most iptables firewalls.
> >
> >Hummm, as far as I remember, -I requires a rulenum parameter.
> >Maybe you mean:
> >
> >iptables -I INPUT 1 -i eth0 -s THERE_IP -j DROP

-- 
 Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br
 TIS 				   - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodes?"  - http://www.tisbrasil.com.br/
 Brainbench Certified -> Transcript ID #3332104
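
Added example, not part of the original message: iptables walks a chain top to bottom and the first matching rule with a terminating target decides, so where a DROP rule lands matters. This Python model of a chain shows the difference between -A and -I (with its optional 1-based rulenum); the Chain class, the web-server ruleset and the address 203.0.113.7 are constructed assumptions.

```python
import ipaddress

class Chain:
    """Minimal model of one iptables chain: ordered rules, first match wins."""
    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []  # each rule: (source network or None, dport or None, target)

    @staticmethod
    def _rule(src, dport, target):
        net = ipaddress.ip_network(src) if src else None
        return (net, dport, target)

    def append(self, src, dport, target):
        """Like `iptables -A`: the rule goes to the end of the chain."""
        self.rules.append(self._rule(src, dport, target))

    def insert(self, src, dport, target, rulenum=1):
        """Like `iptables -I chain [rulenum]`: 1-based, defaults to the head."""
        if not 1 <= rulenum <= len(self.rules) + 1:
            raise ValueError("rulenum out of range")
        self.rules.insert(rulenum - 1, self._rule(src, dport, target))

    def verdict(self, src_ip, dport):
        """Walk the rules top to bottom; the first matching rule decides."""
        addr = ipaddress.ip_address(src_ip)
        for net, port, target in self.rules:
            if (net is None or addr in net) and (port is None or port == dport):
                return target
        return self.policy

def web_server_chain():
    """Constructed ruleset: accept HTTP from anyone, default policy DROP."""
    chain = Chain(policy="DROP")
    chain.append(None, 80, "ACCEPT")
    return chain

ATTACKER = "203.0.113.7"  # constructed address from a documentation range

appended = web_server_chain()
appended.append(ATTACKER, None, "DROP")   # -A: lands after the ACCEPT rule
inserted = web_server_chain()
inserted.insert(ATTACKER, None, "DROP")   # -I without rulenum: lands first

if __name__ == "__main__":
    print("after -A:", appended.verdict(ATTACKER, 80))
    print("after -I:", inserted.verdict(ATTACKER, 80))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows where a rule actually landed in the chain.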


