Linux Netfilter discussions
* Filter ips
@ 2006-08-31 22:34 nunezj
  2006-09-01  7:35 ` Jan Engelhardt
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: nunezj @ 2006-08-31 22:34 UTC (permalink / raw)
  To: netfilter

Hi everyone

       I have some problems when I want to filter some IPs in my network

 I put these rules in my script:

 iptables -A INPUT -s 192.168.0.5/32 -d 0/0 -p tcp --dport 20,21 -j DROP

 but it doesn't work. I put the same in the Output rules but it doesn't
work....

  How can I make this filter?

regards,

             Jorge Enrique




* Re: Filter ips
  2006-08-31 22:34 Filter ips nunezj
@ 2006-09-01  7:35 ` Jan Engelhardt
  2006-09-01  7:46 ` Gáspár Lajos
  2006-09-01 10:14 ` Pascal Hambourg
  2 siblings, 0 replies; 6+ messages in thread
From: Jan Engelhardt @ 2006-09-01  7:35 UTC (permalink / raw)
  To: nunezj; +Cc: netfilter

>Hi everyone
>
>       I have some problems when I want to filter some IPs in my network
>
> I put these rules in my script:
>
> iptables -A INPUT -s 192.168.0.5/32 -d 0/0 -p tcp --dport 20,21 -j DROP
>
> but it doesn't work.

It may have been accepted before.

> I put the same in the Output rules but it doesn't
>work....

Note that you probably need to turn -s into -d and vice versa when 
changing INPUT to OUTPUT, too.

Jan Engelhardt
-- 



* Re: Filter ips
  2006-08-31 22:34 Filter ips nunezj
  2006-09-01  7:35 ` Jan Engelhardt
@ 2006-09-01  7:46 ` Gáspár Lajos
  2006-09-01  7:56   ` Jan Engelhardt
  2006-09-01 10:14 ` Pascal Hambourg
  2 siblings, 1 reply; 6+ messages in thread
From: Gáspár Lajos @ 2006-09-01  7:46 UTC (permalink / raw)
  To: nunezj; +Cc: netfilter

nunezj@ucbcba.edu.bo wrote:
> Hi everyone
>
>        I have some problems when I want to filter some IPs in my network
>
>  I put these rules in my script:
>
>  iptables -A INPUT -s 192.168.0.5/32 -d 0/0 -p tcp --dport 20,21 -j DROP
>
>  but it doesn't work. I put the same in the Output rules but it doesn't
> work....
>
>   How can I make this filter?
>
> regards,
>
>              Jorge Enrique
>   
Maybe this line will help you:

iptables -A INPUT -s 192.168.0.5 -p tcp -m multiports --dports 20,21 -j DROP

This only filters the incoming traffic.
To filter the forward traffic use this:

iptables -A FORWARD -s 192.168.0.5 -p tcp -m multiports --dports 20,21 -j DROP


iptables -vnL              is your friend !!! :)
iptables -t nat -vnL       also !!! :)

Swifty



* Re: Filter ips
  2006-09-01  7:46 ` Gáspár Lajos
@ 2006-09-01  7:56   ` Jan Engelhardt
  2006-09-01  8:05     ` Gáspár Lajos
  0 siblings, 1 reply; 6+ messages in thread
From: Jan Engelhardt @ 2006-09-01  7:56 UTC (permalink / raw)
  To: Gáspár Lajos; +Cc: netfilter, nunezj

>
> iptables -A INPUT -s 192.168.0.5 -p tcp -m multiports --dports 20,21 -j DROP
                                                      ^

-m multiport


Jan Engelhardt
-- 



* Re: Filter ips
  2006-09-01  7:56   ` Jan Engelhardt
@ 2006-09-01  8:05     ` Gáspár Lajos
  0 siblings, 0 replies; 6+ messages in thread
From: Gáspár Lajos @ 2006-09-01  8:05 UTC (permalink / raw)
  To: Netfilter IPtableMailinglist

Jan Engelhardt wrote:
>> iptables -A INPUT -s 192.168.0.5 -p tcp -m multiports --dports 20,21 -j DROP
>>     
>                                                       ^
>
> -m multiport
>
>
> Jan Engelhardt
>   
You have got the point !!! :)



* Re: Filter ips
  2006-08-31 22:34 Filter ips nunezj
  2006-09-01  7:35 ` Jan Engelhardt
  2006-09-01  7:46 ` Gáspár Lajos
@ 2006-09-01 10:14 ` Pascal Hambourg
  2 siblings, 0 replies; 6+ messages in thread
From: Pascal Hambourg @ 2006-09-01 10:14 UTC (permalink / raw)
  To: netfilter

Hello,

nunezj@ucbcba.edu.bo wrote:
> 
>  I put these rules in my script:
> 
>  iptables -A INPUT -s 192.168.0.5/32 -d 0/0 -p tcp --dport 20,21 -j DROP
> 
>  but it doesn't work.

What do you mean *exactly*?
--dport expects a port interval, not a port list: --dport 20:21


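Added example, not part of any message in this thread: a shell function that combines the three points raised in the replies (a port list needs `-m multiport --dports` while plain `--dport` takes one port or a `first:last` range, the address flag changes from `-s` to `-d` on OUTPUT, and a rule appended after an earlier ACCEPT is never reached). The function name `build_drop_rule` and the use of `-I <chain> 1` in place of `-A` are choices of this example; it only prints the rule and never runs iptables.

```sh
#!/bin/sh
# Added example: prints an iptables rule for review; it does not execute it.
# build_drop_rule CHAIN PEER_IP PORTS   (hypothetical helper name)
#   CHAIN    INPUT, FORWARD or OUTPUT
#   PEER_IP  the host to block (192.168.0.5 is the address from the thread)
#   PORTS    one port "21", a range "20:21", or a list "20,21"
build_drop_rule() {
    chain=$1 peer=$2 ports=$3

    # Reject empty specs, stray characters, and leading, trailing or doubled
    # separators, so a typo cannot silently change what the rule matches.
    case $ports in
        ''|*[!0-9,:]*|[,:]*|*[,:]|*[,:][,:]*)
            echo "bad port spec: $ports" >&2; return 1 ;;
    esac

    # INPUT and FORWARD see packets coming from the peer (-s).
    # OUTPUT sees packets this host sends to the peer (-d).
    case $chain in
        INPUT|FORWARD) addr="-s $peer" ;;
        OUTPUT)        addr="-d $peer" ;;
        *) echo "unsupported chain: $chain" >&2; return 1 ;;
    esac

    # Plain --dport accepts a single port or first:last; a comma-separated
    # list requires the multiport match and its --dports option.
    case $ports in
        *,*) match="-m multiport --dports $ports" ;;
        *)   match="--dport $ports" ;;
    esac

    # Assumption of this example: insert at position 1 so that no earlier
    # ACCEPT rule in the chain can match the packet first.
    echo "iptables -I $chain 1 $addr -p tcp $match -j DROP"
}

# Constructed sample calls.
build_drop_rule INPUT   192.168.0.5 20,21
build_drop_rule FORWARD 192.168.0.5 20:21
build_drop_rule OUTPUT  192.168.0.5 21
```

After applying a printed rule, `iptables -vnL` shows its position in the chain and whether its packet counters increase.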
