Zach Uram has written:
> How can I use iptables to:
> 1) ban a specific IP address
> 2) ban a specific subnet such as 128.2.0.xxx
It depends on how you set the INPUT chain policy. If, as in most cases,
it is set to ACCEPT, then you just have to add a rule that tells
iptables to drop any packet coming from a given IP address:
# iptables -A INPUT -s 1.2.3.4 -j DROP
or from a subnet (CIDR notation):
# iptables -A INPUT -s 128.2.0.0/24 -j DROP
Make sure to put them *before* any all-pass rule, like this:
# iptables -A INPUT -j ACCEPT
> Also how could I un-ban them at a later date?
Just substitute -D for -A:
# iptables -D INPUT -s 1.2.3.4 -j DROP
--
Kind regards,
Marco Romano.
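
The ordering point in the reply above matters because -A appends to the end of the chain. As an added example (not part of the original message), this shell function reads `iptables -S INPUT`-style output and reports whether a ban rule sits before any all-pass rule. The function name `ban_status` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: check rule order in `iptables -S INPUT` style output.
# ban_status SRC   (rules on stdin) prints one of:
#   effective - the DROP rule for SRC comes before any all-pass rule
#   shadowed  - an all-pass ACCEPT rule comes first, so the DROP never matches
#   missing   - there is no DROP rule for SRC
ban_status() {
    src=$1
    # iptables -S prints single hosts with an explicit /32 mask
    case $src in */*) ;; *) src="$src/32" ;; esac
    awk -v src="$src" '
        $1 == "-A" && $2 == "INPUT" {
            # all-pass rule: exactly "-A INPUT -j ACCEPT", no match options
            if (NF == 4 && $3 == "-j" && $4 == "ACCEPT" && !seen_accept)
                seen_accept = NR
            # ban rule: exactly "-A INPUT -s SRC -j DROP"
            if (NF == 6 && $3 == "-s" && $4 == src &&
                $5 == "-j" && $6 == "DROP" && !result)
                result = seen_accept ? "shadowed" : "effective"
        }
        END { print (result ? result : "missing") }
    '
}

# Constructed sample: an all-pass rule already existed, ban appended with -A
RULES_APPENDED='-P INPUT ACCEPT
-A INPUT -j ACCEPT
-A INPUT -s 1.2.3.4/32 -j DROP'

# Constructed sample: bans placed before the all-pass rule
RULES_ORDERED='-P INPUT ACCEPT
-A INPUT -s 1.2.3.4/32 -j DROP
-A INPUT -s 128.2.0.0/24 -j DROP
-A INPUT -j ACCEPT'

printf '%s\n' "$RULES_APPENDED" | ban_status 1.2.3.4
printf '%s\n' "$RULES_ORDERED"  | ban_status 128.2.0.0/24
```

On a live system the input would come from `iptables -S INPUT | ban_status 1.2.3.4`, run as root.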