2.7.1 ProblemYou want to block incoming traffic from a particular host. 2.7.2 SolutionTo block all access by that host: For iptables: # iptables -A INPUT -s remote_IP_address -j REJECT For ipchains: # ipchains -A input -s remote_IP_address -j REJECT To block requests for one particular service, say, the SMTP mail service: For iptables: # iptables -A INPUT -p tcp -s remote_IP_address --dport smtp -j REJECT For ipchains: # ipchains -A input -p tcp -s remote_IP_address --dport smtp -j REJECT To admit some hosts but block all others: For iptables : # iptables -A INPUT -s IP_address_1 [-p protocol --dport service] -j ACCEPT # iptables -A INPUT -s IP_address_2 [-p protocol --dport service] -j ACCEPT # iptables -A INPUT -s IP_address_3 [-p protocol --dport service] -j ACCEPT # iptables -A INPUT [-p protocol --dport service] -j REJECT For ipchains: # ipchains -A input -s IP_address_1 [-p protocol --dport service] -j ACCEPT # ipchains -A input -s IP_address_2 [-p protocol --dport service] -j ACCEPT # ipchains -A input -s IP_address_3 [-p protocol --dport service] -j ACCEPT # ipchains -A input [-p protocol --dport service] -j REJECT 2.7.3 DiscussionYou can also block access at other levels such as TCP-wrappers. [Recipe 3.9][Recipe 3.11] 2.7.4 See Alsoiptables(8), ipchains(8). |