An Unknown Indian

Thoughts of a FOSS enthusiast

iptables….

Posted by Balachandran on December 4, 2006

Hey folks… I got really excited today. I just learnt how to use the iptables command for various purposes :). I learnt how to use the command to set up new rules, append to existing rules, drop rules, etc. The site from which I learnt them was a good one. The link is http://www.netfilter.org/documentation/HOWTO.

The commands that I tried were:

#iptables -A INPUT -s <some IP> -p <some protocol> -j DROP

for blocking all packets of the corresponding protocol from that given IP. The -A option is used to append a rule to an existing chain. For deleting an existing rule, the option is -D. For example, to drop packets of a ping command (ICMP protocol) from the localhost, the command will be

#iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP

To undo the same, that is, to remove that iptables rule, we simply repeat the same command with the -A replaced by -D. Another thing I tried was to block all internet traffic to the system in which I am logged in. This is easily done with some thinking… this is what I did. I blocked all TCP packets from the main proxy. The command for doing it is:

#iptables -A INPUT -s 10.0.0.2 -p tcp -j DROP

Here, all TCP packets arriving from 10.0.0.2, the proxy to this system, are dropped. Since web traffic is also TCP-based traffic, it also gets blocked…
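
Running the same -A command twice appends the rule twice, and each -D removes only one matching copy. The following is an added example, not code from the original post. It wraps the two commands above so that adding is idempotent and removal clears every copy. The function names block_source and unblock_source and the IPTABLES override variable are assumptions made for illustration, and it relies on an iptables version that supports the -C (check) option.

```shell
#!/bin/sh
# Added example: idempotent wrappers around the -A / -D commands from the post.
# IPTABLES is a hypothetical override so the logic can be exercised with a
# stub instead of the real binary (which needs root).
IPTABLES="${IPTABLES:-iptables}"

# block_source <source-ip> <protocol>
# Appends "-s IP -p PROTO -j DROP" to INPUT only if that exact rule is not
# already present. -C exits non-zero when no matching rule exists.
block_source() {
    src=$1 proto=$2
    if "$IPTABLES" -C INPUT -s "$src" -p "$proto" -j DROP 2>/dev/null; then
        return 0    # already blocked; do not append a duplicate
    fi
    "$IPTABLES" -A INPUT -s "$src" -p "$proto" -j DROP
}

# unblock_source <source-ip> <protocol>
# -D deletes one matching rule per call, so loop until -C finds none left.
unblock_source() {
    src=$1 proto=$2
    while "$IPTABLES" -C INPUT -s "$src" -p "$proto" -j DROP 2>/dev/null; do
        "$IPTABLES" -D INPUT -s "$src" -p "$proto" -j DROP || return 1
    done
}

# Usage (as root), matching the proxy example above:
#   block_source 10.0.0.2 tcp
#   unblock_source 10.0.0.2 tcp
```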
