deny http access based on IP on FC3

Jeff Vian jvian10 at charter.net
Sat Jan 28 02:41:48 UTC 2006


On Mon, 2006-01-23 at 12:11 -0500, Neil Cherry wrote:
> Andy Green wrote:
> > yonas abraham wrote:
> >> hi,
> >>
> >> I want to block a given IP from accessing my site, which is running
> >> apache on a fully up-to-date FC3 machine.
> >>
> >> I thought I would just put the ip on /etc/hosts.deny and restart the
> >> machine. But it is not working. I can block an access to sshd very
> >> simply by adding the IP or sshd: IP and it works fine.
> >>
> >> I wouldn't mind blocking every service to that IP in my machine but
> >> preferably only httpd block.
> > 
> > iptables -I INPUT -p tcp --dport 80 -s 123.123.123.123 -j DROP
> > service iptables save
> > 
> > will do what you need.  Leave out the --dport 80 to make the guy coming
> > from 123.123.123.123 unable to touch your box at all in tcp.
> 
> But be aware that he may still be able to get to your UDP services.
> 
If you use a line such as
   iptables -I INPUT -s 123.123.123.123 -j DROP
he won't be able to get to ANY services.

> -- 
> Linux Home Automation         Neil Cherry       ncherry at linuxha.com
> http://www.linuxha.com/                         Main site
> http://linuxha.blogspot.com/                    My HA Blog
> http://home.comcast.net/~ncherry/               Backup site
> 
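Added example, not part of the original thread: a shell sketch that builds the three rule variants discussed above (TCP port 80 only, all TCP, all protocols) and rejects anything that is not a plain IPv4 address before it reaches the iptables command line. The function names and the http/tcp/all scope keywords are assumptions made for this example.

```shell
#!/bin/sh
# Added example: function names and scope keywords are hypothetical.

# Return 0 only if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule for a scope:
#   http = TCP port 80 only, tcp = every TCP port, all = every protocol (UDP included).
block_rule() {
    scope=$1 src=$2
    valid_ipv4 "$src" || { echo "invalid IPv4 address: $src" >&2; return 2; }
    case "$scope" in
        http) match="-p tcp --dport 80 " ;;
        tcp)  match="-p tcp " ;;
        all)  match="" ;;
        *)    echo "unknown scope: $scope" >&2; return 2 ;;
    esac
    echo "iptables -I INPUT ${match}-s $src -j DROP"
}

# Dry run by default; with APPLY=1 (as root) insert the rule and save it.
block_ip() {
    rule=$(block_rule "$1" "$2") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        $rule && service iptables save
    else
        echo "$rule"
    fi
}

# Constructed sample input: the placeholder address used in the thread.
block_rule http 123.123.123.123
```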



