From: Jeff Franks (jfranks1970_at_yahoo.com)
Date: Sat, 18 Sep 2004 23:18:14 -0500
I have what I think is a noob iptables question (two, actually), and I'm
hoping you guys can help me out.

1st: I have a gaming server that I host a couple of different types of games
on. Like all games, we have our issues with cheats and the like. I have a
RH9 server set up as my firewall running iptables. I have NAT running great
and all the rules set up to forward the correct ports.

My problem is that I need to be able to "ban" all traffic coming from a
specific IP or IP range. I have used the command:

/sbin/iptables -A INPUT -s 126.96.36.199 -j REJECT

This appears to work for the game ports only AFTER I reboot the firewall.
If the player is connected, it will let them continue to play until I
reboot. Then it will lock them out. Oddly, I can't telnet or access SSH
ports after I execute this command. Almost like it is allowing "open" ports
to continue to exist, but no new ones. I hope that makes sense. The
question is how do I make iptables reject/drop/ignore the traffic from an IP
or range immediately, without a firewall reboot.

2nd question is:
If I run the above command and reject someone's IP from my firewall, how do
I "unREJECT" them? I can't seem to get ACCEPT to override the REJECT.
Again, doing this on the fly is crucial to the way I run; a firewall reboot
is not what I need.

Thanks for any ideas.
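The following helper script is an added example, not part of the original post or any reply to it. It shows the mechanics behind both questions: a rule appended with -A lands after any existing "ESTABLISHED,RELATED -j ACCEPT" or per-port ACCEPT rules, so packets belonging to an already-open session are accepted before the ban is ever consulted, while a rule inserted at position 1 with -I is evaluated first and bites immediately. Unbanning is done by deleting that exact rule with -D rather than adding an ACCEPT, because rules are matched top to bottom and an ACCEPT placed after a DROP is never reached. The script assumes iptables is on the PATH (the IPT variable can be pointed at "echo iptables" for a dry run), uses DROP rather than REJECT, and applies the ban to FORWARD as well as INPUT, since NAT port-forwarded game traffic to a host behind the firewall traverses FORWARD, not INPUT. The 192.0.2.x addresses in the demo are constructed documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original post): ban and unban a source address
# on the fly without reloading the firewall.
#
# Assumptions: IPT names the iptables binary; set IPT="echo iptables" to
# dry-run and only print the commands. CHAINS lists the chains a ban is
# applied to: INPUT for traffic to the firewall itself, FORWARD for NAT
# port-forwarded traffic to hosts behind it.
IPT="${IPT:-iptables}"
CHAINS="${CHAINS:-INPUT FORWARD}"

# ban_ip ADDRESS[/PREFIX]
# "-I CHAIN 1" inserts at the head of the chain, so the rule is evaluated
# before any earlier "ESTABLISHED,RELATED -j ACCEPT" or per-port ACCEPT.
# A rule appended with -A sits after those and only sees packets that no
# earlier rule accepted, which is why existing sessions keep working.
ban_ip() {
  [ -n "$1" ] || { echo "usage: ban_ip ADDRESS[/PREFIX]" >&2; return 2; }
  for chain in $CHAINS; do
    $IPT -I "$chain" 1 -s "$1" -j DROP || return 1
  done
}

# unban_ip ADDRESS[/PREFIX]
# -D deletes the first rule whose specification matches, so the match and
# target must be repeated exactly as they were inserted. An ACCEPT rule
# never overrides a DROP above it; the DROP has to be removed.
unban_ip() {
  [ -n "$1" ] || { echo "usage: unban_ip ADDRESS[/PREFIX]" >&2; return 2; }
  for chain in $CHAINS; do
    $IPT -D "$chain" -s "$1" -j DROP || return 1
  done
}

# list_rules: numbered listing, so a rule can also be deleted by position
# ("iptables -D INPUT 3") when its exact specification is not at hand.
list_rules() {
  for chain in $CHAINS; do
    $IPT -L "$chain" -n --line-numbers
  done
}

# Run as "sh ban.sh demo" to print the commands without touching the firewall.
# 192.0.2.10 is a constructed documentation address (RFC 5737).
if [ "${1:-}" = "demo" ]; then
  IPT="echo iptables"
  ban_ip 192.0.2.10
  unban_ip 192.0.2.10
fi
```

Rules added this way take effect on the next packet but live only in the kernel; on Red Hat they are lost at reboot unless written out with `service iptables save`, so a ban meant to survive a restart must be saved after it is inserted. A ban on an address range uses the same calls with a CIDR argument, for example `ban_ip 192.0.2.0/24`.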