I run CentOS on my server, and I often find that my server is being attacked by other computers. Brute force SSH attacks, port scanning, viruses scanning for the ability to spread, things like that. In this article, I’ll show you how to block an IP address on Linux server using IPTables.

The First, I’ll assume you are already using iptables. If you need help setting that up, read this article.

How do I block an IP address ?

Example I want to block incoming request from IP 1.2.3.4, login as root and type the following command

# iptables -I INPUT -s 1.2.3.4 -j DROP

Where,
– I: Inserts the chain at the top of the rules.
– s: Match source IP address.
– j: Jump to the specified target chain when the packet matches the current rule.

To drop packets coming in on interface eth0 from 1.2.3.4, type the following command

# iptables -I INPUT -i eth0 -s 1.2.3.4 -j DROP

How do I block a subnet ?

Use the following syntax to block 10.0.0.0/8

# iptables -I INPUT -s 10.0.0.0/8 -j DROP

How do I save blocked IP address ?

To save blocked IP address to iptables config file, type the following command

# service iptables save

Or

# /etc/init.d/iptables save

How Do I Unblock An IP Address?

First, you need to display blocked IP address along with line number and other information, type the following command

# iptables -L INPUT -n --line-numbers
# iptables -L INPUT -n --line-numbers | grep 1.2.3.4

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  1.2.3.4              0.0.0.0/0
2    LOCALINPUT  all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     udp  --  203.162.4.1          0.0.0.0/0           udp spts:1024:65535 dpt:53

To unblock 1.2.3.4 you must delete line number 1, enter:

# iptables -D INPUT 1

The post How Do I Block An IP Address On Linux Server ? appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

By default iptables firewall stores its configuration at /etc/sysconfig/iptables file. Type the following command to see its

# cat /etc/sysconfig/iptables

Or

# iptables -L

Temporarily delete all the firewall rules

At first, create flush.iptables script with following command

# vi flush.iptables

Add the following content

#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Finally, run flush.iptables script with the following command

# sh flush.iptables

After running flush.iptables script, if you restart the iptables, you’ll see all the default rules again. So, flush is only temporary.

Permanently remove all the default firewall rules

Step 1. Flush all these rules temporarily, as we discussed above.
Step 2. Saving firewall rules to /etc/sysconfig/iptables. Type the following command

# /etc/init.d/iptables save

Or

# iptables-save > /etc/sysconfig/iptables

The post How To Flush/Remove All Iptables Rules In Linux appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Save Iptables rules

Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules are lost. To save netfilter rules, type the following command as root:

# /etc/init.d/iptables save 

If you are using IPv6, enter:

# /etc/init.d/ip6tables save 

The above commands will write the current iptables configuration to /etc/sysconfig/iptables. The next time the system boots, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables. You can also save the iptables rules to a separate file for distribution, backup or other purposes. Type the following command as root

# iptables-save > /root/iptables.rules

If you are using IPv6, enter:

# ip6tables-save  > /root/iptables.rules

Restore Iptables rules

To restore it use the command iptables-restore, type the following command as root:

# iptables-restore < /root/iptables.rules

If you are using IPv6, enter:

# ip6tables-restore < /root/iptables.rules

The post How To Save/Restore Iptables Rules appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Iptables should be installed by default on all CentOS 3.x, 4.x and 5.x installations. You can check to see if iptables is installed on your system by:

# rpm -q iptables

Sample output

iptables-1.3.5-5.3.el5_4.1

How to enable firewall

Login as root and type the following command

# /etc/init.d/iptables start
# chkconfig iptables on

If you are using IPv6, enter:

# /etc/init.d/ip6tables start
# chkconfig ip6tables on

And to see if iptables is actually running, we can check that the iptables modules are loaded, type the following command

# lsmod | grep ip_tables

Something look like:

ip_tables              29288  1 iptable_filter
x_tables               29192  6 ip6t_REJECT,ip6_tables,ipt_REJECT,xt_state,xt_tcpudp,ip_tables

How to disable firewall

Login as root and type the following command

# /etc/init.d/iptables stop
# chkconfig iptables off

If you are using IPv6, enter:

# /etc/init.d/ip6tables stop
# chkconfig ip6tables off

The post How To Enable/Disable Firewall On Centos / RedHat / Fedora appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

#!/bin/sh
# A simple shell to build a Firewall anti SYN Flood
# Under CentOS, Fedora and RHEL / Redhat Enterprise Linux
# servers.
# ----------------------------------------------------------------------------
# Written by LongVNIT 
# (c) 2009 lifeLinux under GNU GPL v2.0+

IPT="iptables"
MODPROBE="modprobe"
IF="eth0"
IP="192.168.1.112"
PORT="22 80 443"
CHECK_TIME=60
BAN_TIME=120
HITCOUNT=10
MOD="ip_tables ip_conntrack iptable_filter ipt_state"

# Load Module
for M in $MOD
do
	$MODPROBE $M
done

# Flush IPTables
$IPT -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

# Define SYN_CHECK CHAIN
$IPT -N SYN_CHECK

# BAN IP IN 
$IPT -t mangle -A PREROUTING -p TCP -d $IP -m recent --name SYN --update --seconds $BAN_TIME --hitcount $HITCOUNT -j DROP

# DROP INVALID PACKET
$IPT -A INPUT -p TCP ! --syn -m state --state NEW -j DROP

# ACCPET ALL ESTABLISHED PACKET
$IPT -A INPUT -i $IF -m state --state ESTABLISHED -j ACCEPT

# CHECK SYN
for P in $PORT
do
	$IPT -A INPUT -i $IF -p TCP -d $IP --dport $P -m state --state NEW -j SYN_CHECK
done

# ACCEPT
for P in $PORT
do
	$IPT -A INPUT -i $IF -p TCP -d $IP --dport $P -m state --state NEW -j ACCEPT
done

# SYN_CHECK CHAIN
$IPT -A SYN_CHECK -m recent --set --name SYN
$IPT -A SYN_CHECK -m recent --name SYN --update --seconds $CHECK_TIME --hitcount $HITCOUNT -j LOG --log-level 5 --log-prefix "SYN_FLOOD"
$IPT -A SYN_CHECK -m recent --name SYN --update --seconds $CHECK_TIME --hitcount $HITCOUNT -j DROP

The post Anti SYN Flood with IPTables appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.