IPTABLES Question

From: Jeff Franks (jfranks1970_at_yahoo.com)
Date: 09/19/04

• Next message: Paul Lutus: "Re: A new antispam algorithm is fit for linux"
• Previous message: Oleg G. Penkin: "A new antispam algorithm is fit for linux"
• Next in thread: chris_at_nospam.com: "Re: IPTABLES Question"
• Reply: chris_at_nospam.com: "Re: IPTABLES Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 18 Sep 2004 23:18:14 -0500

I have what I think is a Noob IPTABLES question (2 actually). And I'm
hoping you guys can help me out.

1st: I have a gaming server that I host a couple of different types of games
on. Like all games, we have our issues with cheats and the like. I have a
RH9 server setup as my firewall running IPTables. I have NAT running great
and all the rules setup to forward the correct ports.

My problem is that I need to be able to "ban" all traffic coming from a
specific IP or IP range. I have used the command "/sbin/iptables -A
INPUT -s 123.123.123.123 -j REJECT"

This appears to work for the game ports only AFTER I reboot the firewall.
If the player is connected, it will let them continue to play until I
reboot. Then it will lock them out. Oddly, I can't telnet or access SSH
ports after I execute this command. Almost like it is allowing "open" ports
to continue to exist, but no new ones. I hope that makes sense. The
question is how to I make IPTABLES reject/drop/ignore the traffic from an IP
or range immediately without a firewall reboot.

2nd question is:

If I run the above command and reject someone's IP from my firewall, how do
I "unREJECT" them? I can't seem to get ACCEPT to override the REJECT.
Again, doing this on the fly is crucial to the way I run, a firewall reboot
is not what I need.

thanks for any idea.

jf

• Next message: Paul Lutus: "Re: A new antispam algorithm is fit for linux"
• Previous message: Oleg G. Penkin: "A new antispam algorithm is fit for linux"
• Next in thread: chris_at_nospam.com: "Re: IPTABLES Question"
• Reply: chris_at_nospam.com: "Re: IPTABLES Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [kde] Im feeling paranoid - with good reason. ... There should be a script in /etc/rc.d/init.d that starts iptables and loads ... the ruleset in /etc/sysconfig/iptables. ... Things like suse2 firewall. ... Check for open ports by running nmap localhost. ... (KDE) Re: Gui for configuring NTP ... >>> behind a firewall that does not have these ports opened. ... As I became more proficient with iptables and trimmed cruft (and used ... The medium hard part is opening a specific second hole to a single address "out there" using the trusted machine acccess to get in so I can perform the tweak. ... (Fedora) Re: how nmap can know my firewalled servers ? ... block localhost with iptables ... Dropping traffic at a firewall violates RFC and makes it ... True, I am using DROP state on my iptables, but even when I changed ... GMT+2 Interesting ports on localhost: ... (Security-Basics) Re: iptables install ... > base for a customizable firewall with iptables. ... > traffic except for the ports specifically allowed. ... >> experienced linux users. ... (comp.os.linux.security) Re: Feedback solicited - best way to harden a mail/web server? ... Was the system protected by a properly configured firewall? ... it's not a bad "starting point" and it can generate an IPtables rule ... > nor is there a web or ftp server; aside from that I haven't tried to secure ... Before I'll install some nifty application ... (comp.os.linux.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint