[NBLUG/talk] denying specific hosts via bastille-based firewall?
Kyle Rankin
greenfly at greenfly.net
Mon Apr 21 11:39:00 PDT 2003
On Mon, Apr 21, 2003 at 11:29:57AM -0700, Daniel Smith wrote:
>
> What's a good way to drop certain IP addresses at
> the firewall level, as opposed to bouncing them
> from Apache?
...
If your machine supports iptables, then the command would be:

    iptables -A INPUT -s 12.34.56.78 -j REJECT

That will reject all traffic originating from that IP. If you want to
limit it only to HTTP traffic, do the following:

    iptables -A INPUT -s 12.34.56.78 -p tcp --dport 80 -j REJECT

If you have an ipchains-based network, the syntax is the same, just use
ipchains instead of iptables.
--
Kyle Rankin (greenfly)
http://greenfly.org
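
The two commands above, generalized to a deny list, as an added example that is not part of the original post. The input format (one "ADDRESS [TCP_PORT]" entry per line), the function names and the sample addresses are assumptions of this example; each entry is validated before it is placed in a command line, and the script only prints the commands.

```shell
# Added example: build iptables REJECT commands from a deny list on stdin.
# Assumed input format: "ADDRESS [TCP_PORT]" per line, "#" starts a comment.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 only for a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one command per valid entry. Anything that fails validation is
# reported on stderr and skipped, so list contents never reach a shell.
deny_rules() {
    while read -r addr port _rest; do
        case "$addr" in ""|\#*) continue ;; esac
        if ! valid_ipv4 "$addr"; then
            echo "skipping invalid address: $addr" >&2
            continue
        fi
        if [ -z "$port" ]; then
            echo "iptables -A INPUT -s $addr -j REJECT"
        elif valid_port "$port"; then
            echo "iptables -A INPUT -s $addr -p tcp --dport $port -j REJECT"
        else
            echo "skipping invalid port for $addr: $port" >&2
        fi
    done
}

# Constructed sample list (documentation-range addresses, two bad entries).
sample_list() {
    printf '%s\n' '192.0.2.10' '198.51.100.7 80' '203.0.113.999' '192.0.2.11;reboot'
}
sample_list | deny_rules
```

Because -A appends to the end of the INPUT chain, these rules only take effect if no earlier rule already accepts the same traffic; iptables -I INPUT inserts at the top of the chain instead.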