IPTABLES Question

From: Jeff Franks (jfranks1970_at_yahoo.com)
Date: 09/19/04


Date: Sat, 18 Sep 2004 23:18:14 -0500

I have what I think is a Noob IPTABLES question (2 actually). And I'm
hoping you guys can help me out.

1st: I have a gaming server that I host a couple of different types of games
on. Like all games, we have our issues with cheats and the like. I have a
RH9 server set up as my firewall running IPTables. I have NAT running great
and all the rules set up to forward the correct ports.

My problem is that I need to be able to "ban" all traffic coming from a
specific IP or IP range. I have used the command "/sbin/iptables -A
INPUT -s 123.123.123.123 -j REJECT"

This appears to work for the game ports only AFTER I reboot the firewall.
If the player is connected, it will let them continue to play until I
reboot. Then it will lock them out. Oddly, I can't telnet or access SSH
ports after I execute this command. Almost like it is allowing "open" ports
to continue to exist, but no new ones. I hope that makes sense. The
question is how do I make IPTABLES reject/drop/ignore the traffic from an IP
or range immediately without a firewall reboot.

2nd question is:

If I run the above command and reject someone's IP from my firewall, how do
I "unREJECT" them? I can't seem to get ACCEPT to override the REJECT.
Again, doing this on the fly is crucial to the way I run, a firewall reboot
is not what I need.

Thanks for any ideas.

jf
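As an added example that is not part of the original post, the script below wraps the two operations the question asks about. It assumes the firewall's INPUT chain already carries an ACCEPT for ESTABLISHED,RELATED traffic near the top (the usual Red Hat layout), which is why a REJECT appended with -A only bites on new connections; the IPTABLES variable and the "echo" dry-run are the example's own conveniences, not part of iptables.

```shell
#!/bin/sh
# Added example, not code from the original post. Helpers for banning and
# unbanning a source address on an iptables firewall like the one described.
# Assumption: the INPUT chain has an early rule such as
#   -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# so a REJECT appended with -A sits below it and only NEW connections
# (a fresh SSH or telnet attempt) are refused, while a session opened before
# the ban keeps matching the state rule. Inserting at position 1 fixes that.
# IPTABLES can be overridden (IPTABLES=echo) to dry-run without root.
IPTABLES="${IPTABLES:-iptables}"

# Ban a host (123.123.123.123) or a range (123.123.0.0/16). -I INPUT 1 puts
# the rule ahead of every ACCEPT, so the very next packet from that source is
# rejected, including packets of a game session that is already running.
ban_ip() {
    "$IPTABLES" -I INPUT 1 -s "$1" -j REJECT
}

# Undo a ban. Appending an ACCEPT never "overrides" the REJECT because rules
# are matched top to bottom and the REJECT is hit first; the rule has to be
# deleted instead, with exactly the same specification it was added with.
unban_ip() {
    "$IPTABLES" -D INPUT -s "$1" -j REJECT
}

# Show INPUT with rule numbers, which is how to confirm the REJECT sits above
# the state rule (and gives the number usable with "iptables -D INPUT <n>").
list_input() {
    "$IPTABLES" -L INPUT -n --line-numbers
}

# Changes made with -I/-D take effect immediately and need no reboot, but
# they are lost at the next restart unless saved. On Red Hat systems of
# that era: /sbin/service iptables save (writes /etc/sysconfig/iptables).
case "${1:-}" in
    ban)   ban_ip "$2" ;;
    unban) unban_ip "$2" ;;
    list)  list_input ;;
esac
```

Run as `./ban.sh ban 123.123.123.123` and `./ban.sh unban 123.123.123.123`; prefix with `IPTABLES=echo` to see the exact iptables invocations without changing anything.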


