Iptables: Expiring Ip Block
Jul 15, 2009
I'm trying to figure out an iptables rule to block certain ips for a limited duration, after which the block rule will be removed.
hits to the iptables filter while the ip is blocked should not renew the timer.
i got as far as:
iptables -A INPUT -m recent --name blacklist --rcheck --seconds 10 -j REJECT
iptables -A INPUT -m recent --name blacklist --remove
but how do i blacklist an ip now ? (this needs to be done via external app and not via iptables matches/hitcounts)
iptables -A INPUT -s xxx.xxx.xxx.xxx -m recent --name blacklist --set
would renew the blacklist every time that ip sends a packet no matter if it is blocked or not. and also that rule would remain in iptables even when expired
View 5 Replies
ADVERTISEMENT
Apr 13, 2009
For some reason, I want to block port 25 for temporary time while editing the exim config and open it back using iptables -F command.
Anyone can let me know the command to block port 25 using IPtables command.
View 14 Replies
View Related
Apr 25, 2008
I use
iptables -I INPUT -s 60.216.238.212 -j DROP
To block ip, not working
After issue
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I can still see
87 218.86.252.158
163 219.150.191.62
301 60.216.238.212
60.216.238.212 still has 301 connection, any idea.
Basically, I use ddos-deflate to block ddos attack.
I already set the max conection to 25.
But it seems not working.
all the connections over 25 have not been blocked.
Did I miss something?
I mean after I issue
iptables -I INPUT -s 60.216.238.212 -j DROP
Do I need to do something like refresh iptables?
View 0 Replies
View Related
Jun 20, 2007
What is the command I need to issue to block an IP address from my server? I need to block both inbound and outbound access.
I need the rule to append to existing rules so if the server is rebooted the rule will still be in effect.
View 9 Replies
View Related
Jul 1, 2007
I recently looked at my secure and mesaages log and have been getting a lot of failed SSH root login attempts. So I thought I better do something about it.
Ideally I want to allow SSH login from just 3 remote public IP's, and block all others from even trying
How would you go about implementing this?
I have tried using IPTables, but I think im getting the rule wrong somewhere.
Here is what I have:
Code:
## Access to SSH from Pre-approved IP Addresses ONLY ##
iptables -I INPUT 1 -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -s 123.123.123.124 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -s 123.123.123.125 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 22 -s 0.0.0.0 -j DROP
However this still lets me login from IPs not in the list above?
View 8 Replies
View Related
Jul 2, 2008
Ran an update on my CPANEL setup and I got four emails from WHM that say:
Certificate for courier-pop3d on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under "Manager Service SSL Certificates", or by clicking this link: [url]
Certificate for exim on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under "Manager Service SSL Certificates", or by clicking this link: [url]
Certificate for cpanel on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under "Manager Service SSL Certificates", or by clicking this link: [url]
Certificate for courier-imapd on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under "Manager Service SSL Certificates", or by clicking this link: [url]
Anyone suffered the same thing. I can probably pin this to the update of CPanel. But I want to make sure of whats the correct steps to take upon receiving this.
As I don't want to install some new CERTS as my WHM is telling me to if its a dupe.
View 6 Replies
View Related
Aug 12, 2008
I've noticed that one of my "competitor" fansites has gone into redemption. Just like mine, this site was completely non-profit, but unlike mine it had not been updated for about 3 or 4 years!
Now before you mention it, yes I would like some traffic from the site, but I'd much rather not see another standard site published by a company that buys old domains and sells them on. It's extremely frustrating when you click on a link and get a site filled with google adwords, absolutely no information and a "Buy this domain" link.
I'm not planning to automatically redirect anyone to my site from it, but rather post some information on what's gone on and a list of where they can find the information they were probably after including sites that I do not own.
What is the best way to purchase the domain?
How can I find out exactly when it will run out and be available?
Is there any way to preorder it or anything like that?
The only info I can find is:
Registrar: EASYSPACE LTD.
Whois Server: whois.easyspace.com
Referral URL: [url]
Name Server: NS1.MYDYNDNS.ORG
Name Server: NS2.MYDYNDNS.ORG
Name Server: NS3.MYDYNDNS.ORG
Name Server: NS4.MYDYNDNS.ORG
Status: redemptionPeriod
Updated Date: 29-jul-2008
Creation Date: 19-jun-2000
Expiration Date: 19-jun-2008
View 2 Replies
View Related
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
View 2 Replies
View Related
Aug 4, 2006
I am experiencing a strange problem with iptables: after in activate them, they are gone in a few minutes. For example, I drop traffic from an ip and after few seconds, all rules are flushed without touching anything!
View 2 Replies
View Related
Jan 20, 2008
I need to block about 5000 IPs .. Is it possible to add this amount of IPs to iptables?
I mean ... Will this slow down the machine response?
View 7 Replies
View Related
May 24, 2007
What do you prefer or what do you think is better, iptables or apf for a firewall?
View 9 Replies
View Related
Apr 13, 2009
i install csf on centos,
my server is working but the network is unreachable,
i try to run "service iptables stop",
and the server is unreachable now,
i check from whm,it shows csf is working,
but i ssh the server and type "service iptables status",
it shows "firewall is stopped",
is it correct?
is not,how can i fix the issue?
View 11 Replies
View Related
Apr 10, 2009
Is there a way for me to whitelist myself or something?
I get up everyday and have to call LSN because my server has blocked me for some reason...
View 10 Replies
View Related
Feb 4, 2007
If I keep getting spam from a certain IP, can I add that IP to Iptables? Will it stop me receiving spam from that IP? I'm not quite sure how it all works.
Or what is the most effective method to stop spam?
View 14 Replies
View Related
Sep 21, 2007
I've got two VPS's and both have the same ruleset for outbound EG_TCP
Code:
EGF="1"
EG_TCP_CPORTS="21,25,37,43,53,80,110,113,123,443,873,2089,3306"
EG_UDP_CPORTS="53,465,873,6277"
Whenever I turn EGF to 1 my VPS locks me out of everything, I need togo into hyperVM to turn it off and restart my firewall.
What would cause this?
It's Fedora Core 5 on OpenVZ i've googled and cannot seem to find a reason why it would do that. Could be something in the host node kernel that may need adjusting?
View 2 Replies
View Related
May 15, 2007
I am working with iptables and am trying to figure out the best ruleset for cpanel servers.
I have a few custom ports for a few services, but other than that, does anyone have a recommended ruleset for the typical cpanel cluster?
View 5 Replies
View Related
Sep 12, 2007
how can i clear iptables?
i enter many ip in it that most of them is worng and i must clear it
View 2 Replies
View Related
Oct 29, 2007
Do you find iptables enough or do you use a hardware firewall for linux? I haven't used anything less than hardware firewalls for years but I gather than most simply rely on iptables. Is that a smart choice?
View 6 Replies
View Related
Mar 25, 2007
I got blocked by my server. Hivelocity helped me to gain access by my server.
I was told that to avoid being blocked again I should type
iptables -A INPUT 202.155.151.185 -j ACCEPT
What I ended up was
iptables -A INPUT 202.155.151.185 -j ACCEPT
Bad argument `202.155.151.185'
Try `iptables -h' or 'iptables --
View 5 Replies
View Related
Sep 27, 2007
i have code :
1. IF=`/sbin/route | grep -i 'default' | awk '{print$8}'`
2. IP=`/sbin/ifconfig $IF | grep "inet addr" | awk -F":" '{print$2}' | awk '{print $1}'`
3. IPT="/usr/sbin/iptables"
4. NET="any/0"
5. DNS="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"
6. SERV_TCP="22 80 443 "
7. SERV_UDP="53 123"
8. HI_PORTS="1024:65535"
........
i dont know line of 5's sense .I am must changed warrant is what?
View 5 Replies
View Related
Oct 6, 2007
Code:
# iptables -D INPUT -s 25.55.55.55 -j DROP
iptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory
What is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.
View 1 Replies
View Related
Nov 7, 2006
I have installed APF on box and set ports for in and out and enabled it.. of course, iptables is running from booting..
[root@localhost /]# runlevel
N 3
[root@localhost /]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost /]# chkconfig --list | grep apf
apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off
but when I check it like this
[root@localhost ~]# service iptables status
Firewall is stopped.
[root@localhost ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: ^[[A [ OK ]
[root@localhost ~]# service iptables status
Firewall is stopped.
it said iptables is stop...even I start manually...
I am not sure APF is running correctly because of iptables..
View 10 Replies
View Related
Sep 10, 2006
# apf -r
Unable to load iptables module (ip_tables), aborting.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# uname -a
Linux servername 2.6.17.9 #1 SMP Sun Aug 27 17:08:11 ICT 2006 i686 athlon i386 GNU/Linux
is there any reason that I cannot use iptables? If I edit monokern option in apf to 1, I cannot use ftp in passive mode
View 14 Replies
View Related
Feb 7, 2008
I have CSF installed on one of our server.
CSF dont ban the IP and if manually it is done I get following error.
----------------
csf -d 195.88.65.47
Adding 195.88.65.47 to csf.deny and iptables DROP...
iptables: Index of insertion too big
DROP all opt -- in !lo out * 195.88.65.47 -> 0.0.0.0/0
Error: iptables command [/sbin/iptables -v -I INPUT 2 -i ! lo -s 195.88.65.47 -j DROP] failed, at line 864
-------------------
Also iptables is not running on server.
If status is checked it says its stopped.
I have many sites on my server I dont want to get any downtime.
Please let us know how can we fix this issue as soon as possible.
I have tried reinstall CSF but still the issue remains same.
View 3 Replies
View Related
Sep 16, 2007
I keep trying to flush my iptables on my linux server but every time i try to do so my server seems to freeze (i lose access and have to reboot it for it to come back online), how can I go about deleting those ips manually rather than executing the flushing command? what options do I have?
View 4 Replies
View Related
Jun 4, 2007
root@xxxx[~]# service iptables status
Firewall is stopped.
root@xxxx[~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@xxxx[~]# service iptables status
Firewall is stopped.
why not iptables don't start ?
View 4 Replies
View Related
Apr 23, 2009
i create a template for xen ( hypervm ) from jailtime site. now i install iptables , but iptables do not work and when i enter " service iptables restart" , iptables do not start. ( i check it from "service iptables status" )
View 4 Replies
View Related
Apr 23, 2007
I used a script to block some unwanted countries from accessing my site. In total I had about 3000 lines with ipranges. Now I just went ahead and put this on one of the servers, one that I really don't need the traffic on. But I am wondering what kind of affect this may have on the speeds. Will it really affect it more then a few ms? And anything else I should maybe worry about? Except maybe the loading time at reboots.
View 2 Replies
View Related
Aug 5, 2008
After I start iptables:
service iptables start
There is not any message coming up.
When use
service iptables status,
It said:
iptables: Firewall is not running.
My os is fedora core 6
View 10 Replies
View Related
May 28, 2009
My site is under DDOS attack. I run this command
netstat -an | grep :80 | grep ffff | awk '{print $5}' | cut -f 4 -d : | sort | uniq -c | sort -n | tail -10
And find a lot of IP that are attacking. After that, i run
iptables -A INPUT -s xxx -j DROP
to block IP, and
service iptables save
service iptables restart
But when i run netstat command abouve, i found IP are attacking still available, it seem iptables don't block it?
View 5 Replies
View Related
Aug 4, 2009
I upgraded to the 2.6.27 kernel and iptables to 1.4.2 but can't seem to get CSF to run and i believe its because of conntrack not being found:
Code:
error: "net.netfilter.nf_conntrack_icmp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_last_ack" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_recv" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_sent" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout_stream" is an unknown key
net.netfilter.nf_conntrack_max = 262144
kernel config:
Code:
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
# CONFIG_NF_CONNTRACK_SECMARK is not set
# CONFIG_NF_CONNTRACK_EVENTS is not set
CONFIG_NF_CT_PROTO_DCCP=m
CONFIG_NF_CT_PROTO_SCTP=m
# CONFIG_NF_CT_PROTO_UDPLITE is not set
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=m
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
# CONFIG_NF_CT_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m....
View 4 Replies
View Related
