IPtables&CSF

Posted: May 2, 2013 in General linux

1. To check whether an IP is blocked on a server:

csf -g IP

grep 81.226.54.65 /etc/csf/csf.deny

grep 81.226.54.65 /var/log/lfd.log

Using iptables:

iptables -nL|grep IP
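The checks above grep for the bare address. A plain `grep 81.226.54.65` also matches `181.226.54.65` (and each `.` matches any character), so a block on a different host can be mistaken for a block on the one being investigated. The following is an added example, not part of the original post: it parses a constructed sample of `iptables -nL INPUT` output and a constructed `csf.deny` and reports a hit only when a DROP/REJECT rule or a deny entry names the address exactly. The function names and the sample data are my own.

```shell
#!/bin/sh
# Added example: exact-match lookup of an IP in iptables output and csf.deny.
# Both inputs below are constructed samples, not data from a real server.

# Constructed sample of `iptables -nL INPUT` on a host with two DROP rules.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  181.226.54.65        0.0.0.0/0
DROP       all  --  74.129.142.20        0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Constructed sample of /etc/csf/csf.deny (IP, optional "# comment").
SAMPLE_CSF_DENY='# csf.deny sample
207.58.140.12 # lfd: (sshd) failed logins
74.129.142.20 # manually denied'

# ip_blocked_in_iptables IP TEXT
# Exit 0 when a DROP or REJECT rule lists IP (or IP/32) as its source.
# Compares the whole source column, so 81.226.54.65 never matches 181.226.54.65.
ip_blocked_in_iptables() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        ($1 == "DROP" || $1 == "REJECT") {
            src = $4; sub(/\/32$/, "", src)
            if (src == ip) found = 1
        }
        END { exit !found }'
}

# ip_in_csf_deny IP TEXT
# Exit 0 when IP is the first field of a non-comment line.
ip_in_csf_deny() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        /^[[:space:]]*#/ { next }
        $1 == ip { found = 1 }
        END { exit !found }'
}

# where_blocked IP
# Prints every place the IP is blocked; exit 0 if it is blocked anywhere.
where_blocked() {
    ip="$1"; hit=1
    if ip_blocked_in_iptables "$ip" "$SAMPLE_IPTABLES"; then
        echo "$ip: DROP/REJECT rule in iptables INPUT"; hit=0
    fi
    if ip_in_csf_deny "$ip" "$SAMPLE_CSF_DENY"; then
        echo "$ip: listed in csf.deny"; hit=0
    fi
    return $hit
}

# Usage: where_blocked 74.129.142.20   (blocked in both places)
#        where_blocked 81.226.54.65    (not blocked; 181.226.54.65 is a different host)
```

On a live host, replace the two sample variables with `$(iptables -nL INPUT)` and `$(cat /etc/csf/csf.deny)`; the parsing does not change.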

2. To unblock an IP in iptables

iptables -A INPUT -s 74.129.142.20 -j ACCEPT

3. To delete an entry in iptables

iptables -D INPUT -s xx.xxx.xx.xx/yy -j DROP

iptables -D INPUT -p tcp --dport 6588 -j DROP

iptables -D INPUT -s "207.58.140.12" -j DROP

4. To restart CSF

csf -r

5. When you cannot `telnet localhost 25`

Check the SMTP_BLOCK setting in /etc/csf/csf.conf and make sure it is disabled:

SMTP_BLOCK = "0"

6. To save new rules

/etc/init.d/iptables save

7. To block a specific IP

iptables -I INPUT -s "207.58.140.12" -j DROP

8. To allow incoming connections to ports 22 and 80:

iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT

9. To view all current iptables rules:

iptables -L -v

10. To view all INPUT rules:

iptables -L INPUT -nv

How to block and unblock a port (port 25 as the example):

11. To block port 25:

iptables -A INPUT -p tcp --dport 25 -j DROP

iptables -A INPUT -p udp --dport 25 -j DROP

12. To enable port 25:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT

iptables -A INPUT -p udp --dport 25 -j ACCEPT
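Items 11 and 12 both append with `-A`, and iptables applies the first rule that matches a packet. An ACCEPT appended after an existing DROP for the same port is therefore never reached; the DROP has to be deleted first (item 3) or the ACCEPT inserted ahead of it with `-I`. The following added example (my own code, not from the original post) parses a constructed `iptables -S INPUT` listing, reports which rule actually decides a given protocol/port, and lists rules shadowed by an earlier rule for the same port. Only rules carrying both `-p` and `--dport` are considered; source-based rules are ignored by this simplified parser.

```shell
#!/bin/sh
# Added example: find the effective verdict for a port and detect shadowed rules
# in `iptables -S INPUT` output. The listing below is a constructed sample.

# Constructed sample: port 25 was blocked (item 11) and then "enabled" by
# appending an ACCEPT (item 12). The appended ACCEPT never matches.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
-A INPUT -p udp -m udp --dport 25 -j DROP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# effective_verdict PROTO PORT TEXT
# Prints the target of the first -A INPUT rule matching PROTO/PORT, or the
# chain policy (-P INPUT) when no port-specific rule matches.
effective_verdict() {
    printf '%s\n' "$3" | awk -v proto="$1" -v port="$2" '
        /^-P INPUT/ { policy = $3 }
        /^-A INPUT/ {
            p = ""; d = ""; j = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (p == proto && d == port) { print j; done = 1; exit }
        }
        END { if (!done) print policy }'
}

# shadowed_rules TEXT
# Prints every port-specific rule that comes after an earlier rule for the
# same protocol/port; such a rule can never be reached.
shadowed_rules() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT/ {
            p = ""; d = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
            }
            if (p == "" || d == "") next
            key = p "/" d
            if (key in seen) print "shadowed by earlier rule for " key ": " $0
            else seen[key] = $0
        }'
}

# Usage: effective_verdict tcp 25 "$SAMPLE_RULES"   -> DROP (the ACCEPT is shadowed)
#        shadowed_rules "$SAMPLE_RULES"              -> lists the unreachable ACCEPT
```

On a live host, feed `$(iptables -S INPUT)` instead of `$SAMPLE_RULES`. Run `shadowed_rules` after any change made with `-A` to confirm the new rule can actually be reached.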

13. To track the connection state

iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT

14. To drop incoming UDP packets on ports 137 and 138 without logging

iptables -A INPUT -p UDP --dport 137 -j DROP

iptables -A INPUT -p UDP --dport 138 -j DROP

15. To accept all other incoming UDP packets

iptables -A INPUT -p UDP -j ACCEPT

16. To view the maximum number of tracked connections

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max

17. To set the maximum number of tracked connections

# add the following line to rc.local if sysctl.conf doesn't exist

echo 128000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

18. To view the current HASHSIZE

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets

iptables rule to block an IP from accessing a domain

07 Sunday Oct 2012

Posted by cpanel stuffs in ip block, iptables


You can use the following rule to block an IP from accessing a single domain.

iptables -I INPUT -s SOURCE_IP -p tcp --dport 80 -m string --string domain.com --algo bm -j DROP
