Blocking an IP address from accessing the Linux server - Linux
We can block an IP address from accessing the Linux server. This can be done using APF
(for information about APF, please refer to the scrap 'Advanced Policy Firewall-APF' on hiox.org).
This scrap explains how to block a specific IP address from accessing your Linux server.
To Block:
You can do this in two ways:
*The first is to use the apf command with the following syntax:
apf -d (or) --deny [IP address]
eg:
apf -d 198.168.0.12
*The second way is to manually edit the /etc/apf/deny_hosts.rules configuration file.
You can specify the IP address or domain name in this file.
For example, to deny the IP address 198.162.0.12 and the domain station1.XXXXX.com, you must specify the following in the /etc/apf/deny_hosts.rules file:
198.162.0.12
station1.XXXXX.com
To Allow:
This can also be done in two ways:
*The first is to use the apf command with the following syntax:
apf -a (or) --allow [IP address]
eg:
apf -a 198.168.0.12
*The second way is to manually edit the /etc/apf/allow_hosts.rules configuration file.
You can specify the IP address or domain name in this file.
For example, to allow the IP address 198.162.0.12 and the domain station1.XXXXX.com, you must specify the following in the /etc/apf/allow_hosts.rules file:
198.162.0.12
station1.XXXXX.com
In this file, you can also specify which services are allowed to be accessed. The syntax for this is:
[tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP
As an example, to allow the IP address 192.168.0.12 to access the port 22 service of the Linux server, you can specify the following:
tcp:in:d=22:s=192.168.0.12
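A mistyped entry in deny_hosts.rules or allow_hosts.rules is easy to miss, so the following added example (not part of the original scrap and not APF's own code) checks each line of a rules file against the two entry forms described above. It assumes IPv4 only, the compact rule form without spaces shown in the last example, and '#' comments; the function names and the sample entries are constructed for illustration.

```python
import ipaddress
import re

HOSTNAME = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                      r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$")
# Advanced entry form from the page: [tcp/udp]:[in/out]:[s=/d=]PORT:[s=/d=]IP
ADVANCED = re.compile(r"(tcp|udp):(in|out):([sd])=([0-9]+):([sd])=(\S+)")

def parse_host(token):
    """Return ('net', network) or ('host', name); raise ValueError otherwise."""
    if re.fullmatch(r"[0-9./]+", token):
        # All-numeric tokens must be valid IPv4, so a typo such as
        # 192.168.0.256 is rejected instead of passing as a host name.
        return ("net", ipaddress.ip_network(token, strict=False))
    if HOSTNAME.match(token):
        return ("host", token.lower())
    raise ValueError(f"not an IPv4 address or host name: {token!r}")

def parse_rule(line):
    """Parse one rules-file line; return None for blank or comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    if ":" not in line:
        return {"kind": "simple", "host": parse_host(line)}
    m = ADVANCED.fullmatch(line)
    if m is None:
        raise ValueError(f"expected [tcp/udp]:[in/out]:[s=/d=]PORT:[s=/d=]IP, got {line!r}")
    proto, direction, pflag, port, iflag, host = m.groups()
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {"kind": "advanced", "proto": proto, "dir": direction,
            "port": (pflag, int(port)), "host": (iflag,) + parse_host(host)}

def check_rules(text):
    """Return [(line_number, message)] for every invalid line in a rules file."""
    errors = []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            parse_rule(line)
        except ValueError as exc:
            errors.append((number, str(exc)))
    return errors

# Constructed sample file contents: three valid entries, then three bad ones.
SAMPLE = ("198.168.0.12\nstation1.example.com\ntcp:in:d=22:s=192.168.0.12\n"
          "192.168.0.256\ntcp:in:d=70000:s=192.168.0.12\nicmp:in:d=22:s=192.168.0.12\n")
```

Passing the contents of a rules file to check_rules() returns the line numbers that need fixing; an empty list means every entry matched one of the two forms.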
By Selva, On - 2008-04-17