deny http access based on IP on FC3

Neil Cherry ncherry at comcast.net
Mon Jan 23 17:11:02 UTC 2006


Andy Green wrote:
> yonas abraham wrote:
>> hi,
>>
>> I want to block a given IP from accessing my site, which is running
>> apache on a fully up-to-date FC3 machine.
>>
>> I thought I would just put the IP in /etc/hosts.deny and restart the
>> machine. But it is not working. I can block an access to sshd very
>> simply by adding the IP or sshd: IP and it works fine.
>>
>> I wouldn't mind blocking every service to that IP in my machine but
>> preferably only httpd block.
> 
> iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
> service iptables save
> 
> will do what you need.  Leave out the --dport 80 to make the guy coming
> from 123.123.123.123 unable to touch your box at all in tcp.

But be aware that he may still be able to get to your UDP services.

-- 
Linux Home Automation         Neil Cherry       ncherry at linuxha.com
http://www.linuxha.com/                         Main site
http://linuxha.blogspot.com/                    My HA Blog
http://home.comcast.net/~ncherry/               Backup site
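
Added example (not part of the original messages): a small audit of the caveat raised in this thread, that a TCP-only rule leaves other protocols open. It reads rules in `iptables-save` syntax on stdin and reports, per protocol, whether the given source is dropped; the function name `coverage_for` and the sample rule sets are constructed for illustration, and rule order and any earlier ACCEPT rules are ignored.

```shell
#!/bin/sh
# Report how much of a source address is dropped by INPUT rules.
# Assumptions: exact-address rules only (no CIDR ranges), rule order is
# ignored, and only the DROP and REJECT targets count as blocking.
# "reachable" means no matching drop rule was found in the input.
coverage_for() {
    awk -v src="$1" '
    $1 == "-A" && $2 == "INPUT" {
        s = ""; p = "all"; port = ""; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") s = $(i + 1)
            else if ($i == "-p") p = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
        }
        sub(/\/32$/, "", s)               # newer iptables prints host/32
        if (s != src || (tgt != "DROP" && tgt != "REJECT")) next
        # A rule without -p covers every protocol.
        n = split(p == "all" ? "tcp udp icmp" : p, protos, " ")
        for (k = 1; k <= n; k++) {
            if (port == "") state[protos[k]] = "blocked"
            else if (state[protos[k]] != "blocked")
                state[protos[k]] = "port " port " only"
        }
    }
    END {
        n = split("tcp udp icmp", all, " ")
        for (k = 1; k <= n; k++)
            print all[k] ": " ((all[k] in state) ? state[all[k]] : "reachable")
    }'
}

# Constructed sample rule sets (iptables-save syntax), not real captures.
RULES_HTTP_ONLY='-A INPUT -s 123.123.123.123/32 -p tcp -m tcp --dport 80 -j DROP'
RULES_TCP_ALL='-A INPUT -s 123.123.123.123/32 -p tcp -j DROP'
RULES_ALL_PROTO='-A INPUT -s 123.123.123.123/32 -j DROP'

for rules in "$RULES_HTTP_ONLY" "$RULES_TCP_ALL" "$RULES_ALL_PROTO"; do
    printf '%s\n' "$rules" | coverage_for 123.123.123.123
    echo
done
```

On a live host the input would come from `iptables-save` run as root instead of the constructed variables.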



