Re: Blocking incoming IP address immediately

From: Tim Haynes (usenet-20041129_at_stirfried.vegetable.org.uk)
Date: 11/29/04

Date: Mon, 29 Nov 2004 17:28:44 +0000
"Jeff Franks" <jfranks1970@charter.net> writes:

>> Shouldn't you use iptables -I INPUT -s 123.45.67.89 -j DROP (or REJECT)
>>
>> with -A you "a"dd the rule to the end of your chain, with -I you "i"nsert it
>> at the beginning of the chain...
>
> Thanks for the reply. I did change this in the last test I did last night.
> The script does read "-i" now instead of -a. It appeared to have no effect
> on the blocking of the traffic though.

There's something screwy here. -I would have the effect of prepending the
rule right at the top of the INPUT chain, so effects should be immediate.
How do you know your other firewall rules are taking effect? Do you have
any regular rule-replacement happening, e.g. through cron? Are you getting
any error messages running that? What does `iptables -nL' show immediately
afterwards?

How are you interacting with redhat's firewall rules, too? Traditionally
they keep a version in /etc/sysconfig/ somewhere, that is used on system
startup. However, my own preference is to have a master script such as
/root/iptables.sh, which I run and use to update the system-wide version.
(I'm normally on Gentoo, so it's /var/lib/iptables/rules-save to me, but
something under /etc/sysconfig/ to you.)

~Tim

-- 
zsh % perl -ce 'more or less'               |piglet@stirfried.vegetable.org.uk
-e syntax OK                                |http://pig.sty.nu/Pictures/
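Tim's advice to look at `iptables -nL' right after the script runs is where the -A versus -I difference becomes visible. As an added example (not from the thread), the Python below reads a constructed `iptables -nL --line-numbers` listing laid out like Red Hat's default ruleset, which jumps from INPUT into a sub-chain ending in a catch-all REJECT, and reports which terminating rule a packet from the blocked address actually reaches, so an appended block rule that can never fire is caught before the next connection attempt.

```python
import ipaddress
import re

# Constructed `iptables -nL --line-numbers` listings (not from the thread).
# INPUT jumps into RH-Firewall-1-INPUT, which ends in a catch-all REJECT, so
# where the DROP sits in INPUT decides whether it can ever match.
HEADER = ("Chain INPUT (policy ACCEPT)\n"
          "num  target     prot opt source               destination\n")
JUMP = "RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0"
BLOCK = "DROP       all  --  123.45.67.89         0.0.0.0/0"
RH_CHAIN = """
Chain RH-Firewall-1-INPUT (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""
APPENDED = HEADER + "1    " + JUMP + "\n2    " + BLOCK + "\n" + RH_CHAIN  # -A
INSERTED = HEADER + "1    " + BLOCK + "\n2    " + JUMP + "\n" + RH_CHAIN  # -I

RULE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_chains(listing):
    """Map chain name -> list of (num, target, prot, source, extra_match)."""
    chains = {}
    for block in listing.strip().split("\n\n"):
        lines = block.splitlines()
        name = lines[0].split()[1]
        chains[name] = []
        for line in lines[2:]:            # skip 'Chain ...' and column header
            m = RULE.match(line)
            if m:
                num, target, prot, _opt, src, _dst, extra = m.groups()
                chains[name].append((int(num), target, prot, src, extra.strip()))
    return chains

def first_verdict(chains, ip, chain="INPUT"):
    """(chain, rule_num, target) of the first unconditional terminating rule a
    packet from `ip` reaches, following jumps. Rules with protocol/port/state
    matches are skipped as conditional; None means fall-through to policy."""
    addr = ipaddress.ip_address(ip)
    for num, target, prot, src, extra in chains.get(chain, []):
        if addr not in ipaddress.ip_network(src, strict=False):
            continue
        conditional = prot != "all" or (extra and not extra.startswith("reject-with"))
        if target in TERMINAL and not conditional:
            return (chain, num, target)
        if target in chains:                      # jump into a user-defined chain
            hit = first_verdict(chains, ip, target)
            if hit:
                return hit
    return None
```

On a live box use `iptables -nvL --line-numbers` instead: without -v the listing hides interface matches, so Red Hat's default loopback ACCEPT would look like an unconditional accept-all to this check.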