I'm struggling to understand why I can't open port 61616 by adding IPTABLES rule. Here is the listing of all rules, obtained via IPTABLES -L command.

1) You are going to have to not grep the iptables output, but rather process the output, turning the IP subnets that are blocked into a bitmask that you can compare against the address you are interested in. This can be done in scripting languages like Perl or Python.

2a) The two lines refer to incoming and outgoing data - the firewall will block attempts by that network to communicate with your server/network, and attempts by your server/network to communicate with that network. (This is a courtesy to them, so you don't send a connection request that they could never respond to, for example.)

2b) In order to unblock an IP or network, you can simply remove it from the list entirely. If you want to keep a network blocked, but still allow access from one particular address in that network, you will have to insert two ACCEPT rules at the top of the INPUT chain, one to allow incoming traffic, and one outgoing:

    iptables -I INPUT 1 -src 111.222.333.444 -j ACCEPT

This will effectively put those addresses in a whitelist, as you indicate you don't want to do. So your options are a bit limited here.

3a) Assuming you have no ACCEPT rules in the INPUT chain, yes. If you do, you should insert those rules at the top of the table using -I INPUT 1 instead of -A INPUT. But the example you provide will only block packets being sent from your network to theirs. Be sure to add another rule with -s or -src instead of -d if you want to block incoming traffic from their network too.

3b) Changes made with the iptables command take effect immediately. However, they may not be persisted on reboot, depending on your configuration.
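Item 1) suggests processing the iptables listing rather than grepping it. The Python below is an added illustration, not code from the original answer: it parses a constructed `iptables -L INPUT -n` listing, turns each rule's source column into a network/mask pair, and returns the verdict for a given address using first-match order (the same reason the whitelist ACCEPT in 2b) has to be inserted at the top with -I INPUT 1). The listing text and addresses are constructed sample data.

```python
import socket
import struct

# Constructed sample of `iptables -L INPUT -n` output (not from the original post).
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  198.51.100.7         0.0.0.0/0
DROP       all  --  198.51.100.0/24      0.0.0.0/0
DROP       all  --  203.0.113.0/24       0.0.0.0/0
"""

def ip_to_int(addr):
    """Convert a dotted-quad IPv4 address to a 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def parse_cidr(cidr):
    """Return (network_int, mask_int) for 'a.b.c.d' or 'a.b.c.d/len'.
    A bare address (as iptables prints for -s x.x.x.x) is treated as /32."""
    if "/" in cidr:
        net, plen = cidr.split("/", 1)
        plen = int(plen)
    else:
        net, plen = cidr, 32
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return ip_to_int(net) & mask, mask

def parse_listing(listing):
    """Parse one chain of `iptables -L -n` output.
    Returns (policy, rules); rules is [(target, network, mask), ...] in table order."""
    policy, rules = None, []
    for line in listing.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "Chain":                      # "Chain INPUT (policy ACCEPT)"
            policy = line.split("policy", 1)[1].strip(" )")
            continue
        if parts[0] == "target":                     # column header row
            continue
        target, source = parts[0], parts[3]          # source is the 4th column
        net, mask = parse_cidr(source)
        rules.append((target, net, mask))
    return policy, rules

def verdict_for_source(addr, listing):
    """Target of the first rule whose source subnet contains addr,
    or the chain policy if no rule matches (iptables is first-match)."""
    policy, rules = parse_listing(listing)
    a = ip_to_int(addr)
    for target, net, mask in rules:
        if a & mask == net:
            return target
    return policy
```

Because matching stops at the first hit, an ACCEPT for a single host is only effective when it precedes the DROP for its /24; appending it with -A would leave that host blocked.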