deny http access based on IP on FC3
Andy Green
andy at warmcat.com
Mon Jan 23 17:01:41 UTC 2006
yonas abraham wrote:
> hi,
>
> I want to block a given IP from accessing my site, which is running
> apache on a fully uptodated FC3 machine.
>
> I taught I would just put the ip on /etc/hosts.deny and restart the
> machine. But It is not working. I can block an access to sshd very
> simply by adding the IP or sshd: IP and it works fine.
>
> I wouldn't mind blocking every service to that IP in my machine but
> preferably only httpd block.
iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
service iptables save
will do what you need. Leave out the --dport 80 to make the guy coming
from 123.123.123.123 unable to touch your box at all in tcp.
-Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060123/2425478a/attachment-0001.bin>
More information about the fedora-list
mailing list