top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Disabling an IP using IPTABLE

+2 votes
524 views

I am trying to do the following -
1. script_1 which can be executed to at the start to enable all IPs.
2. Whenever we want to block an IP we should call script_2 to block the IP.
3. Whenever we want to unblock an IP we should call script_3 to unblock.
4. script_4 to take the snapshot of the IPtable.

posted Nov 26, 2013 by Salil Agrawal

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+2 votes

Step1 : Initialize IPTABLE 

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -t security -F
iptables -t security -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT

Step 2: Block the traffic from an IP

iptables -I INPUT 1  -s <IP> -j DROP

Step 3: Commit the changes 

/sbin/service iptables save
answer Nov 26, 2013 by Meenal Mishra
Similar Questions
+2 votes
Can IPtable check for a valid IP address?

We suffer from DNS lookups with a response IP address which is not existing. Can Iptables check on this?

+1 vote
One to One port range forwarding to different port range using IPTABLE?

After testing and looking at the kernel source, I realize that this mapping:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-2000

Doesn't do a one-to-one port mapping
e.g.:

100.0.0.1:30000 > 192.168.0.5:10000
100.0.0.1.30001 > 192.168.0.5:10001
100.0.0.1.30002 > 192.168.0.5:10002

I was wondering if it was possible to do the 1:1 port range forwarding to different port ranges or if you have to use individual rules.

+1 vote
IPTABLE: byte counters counts 14 bytes less?

I am trying to use byte counters to know how much total data is transferred from an IP. However, simple test with ping shows that it counts 14 bytes less, probably ignoring later 2 header.

Is my understanding correct or am I missing something in this?

+5 votes
IPTable: How to forward http traffic to two IPs

I want to forward all http traffic coming in from a perticular IP at local port 8080, to 2 particular IP Addresses (port 80). Is it enough to prepend the following in my IPtable

-A PREROUTING -s xx.xx.xx.xx/24 -p tcp --dport 8080 -j DNAT --to-destination xxx.xxx.xxx.xxx:80
-A PREROUTING -s xx.xx.xx.xx/24 -p tcp --dport 8080 -j DNAT --to-destination yyy.yyy.yyy.yyy:80

+2 votes
IPTable: Issue with owner module?

I have some issue with module (owner) in iptables v1.4.14

Current rule fails:
iptables -t nat -A OUTPUT -o eth0 -p tcp -s x.x.x.x -m owner --gid-owner usergroup -j DNAT --to-destination x.x.x.x:80;
I tried to use numeric gid, it failed too..

But this rule works fine:
iptables -t nat -A OUTPUT -o eth0 -p tcp -s x.x.x.x -m owner --uid-owner user -j DNAT --to-destination x.x.x.x:80;

Is it a BUG or I am missing something?

...