
Thread: banning an ip via iptables

  1. #1
    Join Date
    Dec 2007
    Location
    The Netherlands - Eindhoven
    Posts
    1,767

    banning an ip via iptables

    it just won't work...

    I want to block an IP address from accessing my webserver via WAN, since he's been refreshing a single page over 600 times a day for the last 5 days

    I tried the following things:
    iptables -D INPUT -s 1.1.1.1 -j DROP
    and
    iptables -A INPUT -s 1.1.1.1 -j DROP
    these are from some Google results, but that French guy is still refreshing!

    don't really have another clue how to ban him off, since I opened up port 80... so making an exception?

    full firewall script now:
    Code:
    #!/bin/sh
    # -D deletes a matching rule; it does not add one
    iptables -D INPUT -j DROP
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

    #rtorrent ("$1" is the interface name passed to the script)
    iptables -I INPUT 1 -p tcp -i "$1" --syn --dport 51777:51780 -j ACCEPT
    iptables -I INPUT 1 -p udp -i "$1" --dport 6881 -j ACCEPT

    #block bad IP addresses (-D deletes the rule instead of adding it)
    iptables -D INPUT -s 91.121.111.28 -j DROP

    iptables -A INPUT -j DROP
    can someone help me out?

  2. #2
    Join Date
    Nov 2004
    Location
    Sweden
    Posts
    259
    Try

    Code:
    iptables -I INPUT -s 1.1.1.1 -j DROP

  3. #3
    Join Date
    Dec 2007
    Location
    The Netherlands - Eindhoven
    Posts
    1,767
    still a negative result

  4. #4
    Join Date
    Nov 2004
    Location
    Sweden
    Posts
    259
    Quote Originally Posted by wpte View Post
    still a negative result
    Can you post the result of the following:

    Code:
    iptables -L INPUT -n -v --line-numbers
    BTW, sorry for the question, but I suppose the address 1.1.1.1 is a fictitious address you later exchange for the real one, right?

  5. #5
    Join Date
    Dec 2007
    Location
    The Netherlands - Eindhoven
    Posts
    1,767
    I put it in a TXT file, so the layout won't be lost
    but this is pretty random...

    I just noticed this guy has like... 6 IP addresses

    and no, I don't think it's nice to post up someone's IP
    this time one of his is in the list too

    I'm gonna list everything now, try if it works

    just a question...
    if I have like a host with subdomains, and I ban the standard host... will it also do all the subdomains?
    cos he has a big range, and far over 6 IPs

  6. #6
    Join Date
    Dec 2007
    Location
    The Netherlands - Eindhoven
    Posts
    1,767
    yeh... I fixed it, 21 IPs in total
    hopefully they don't change over time

  7. #7
    Join Date
    Nov 2004
    Location
    Sweden
    Posts
    259
    Good to know you are controlling the situation.

    iptables does not understand domains or subdomains. iptables understands IPs and IP ranges. So even in the case you specify something like:

    Code:
    iptables -I INPUT -s kpn.com -j DROP

    iptables will resolve kpn.com into 145.7.192.133 and add it to the INPUT chain.

    It could be that your undesired user gets a dynamic IP address from the ISP. In that case you have found a short-term solution. I would recommend working on limiting the burst of connections to the web server.

  8. #8
    Quote Originally Posted by Tamadite View Post
    Good to know you are controlling the situation.

    iptables does not understand domains or subdomains. iptables understands IPs and IP ranges. So even in the case you specify something like:

    Code:
    iptables -I INPUT -s kpn.com -j DROP

    iptables will resolve kpn.com into 145.7.192.133 and add it to the INPUT chain.

    It could be that your undesired user gets a dynamic IP address from the ISP. In that case you have found a short-term solution. I would recommend working on limiting the burst of connections to the web server.
    Hi,

    could you refer me to some working examples of dynamic interactive firewalls
    based on iptables, monitoring traffic on known ports and limiting traffic bursts,
    appending suspected intruders to banned IP / banned MAC files.
    Any such system should show a self-learning feature.


    I would like to learn how to control each incoming packet
    by setting source IP, source MAC, time zone, list of privileged users and more.

    And to have a web interface to control users, used protocols, set time zones, user number limit and more.
    I hope there are a number of intelligent solutions of this type already on the market.

    Darius
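As an added example for the burst-limiting suggested in #7 and the file-based ban list asked about in #8 (this is not any poster's script): a firewall script that loads banned addresses from a file, puts the DROP rules before the port-80 ACCEPT so they are actually reached, and rate-limits new HTTP connections per source with the xt_recent match. It assumes iptables with the conntrack and recent extensions, and a blocklist file with one IPv4 address or CIDR per line; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example, not the thread's own script: build a web-server INPUT chain
# that loads banned addresses from a file and rate-limits new HTTP connections
# per source with the xt_recent match.
# Assumptions: iptables with the conntrack and recent extensions; the blocklist
# holds one IPv4 address or CIDR per line ('#' comments and blank lines ignored).
# Set DRY_RUN=1 to print the commands instead of applying them.

IPT="${IPT:-iptables}"
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

apply_firewall() {
    blocklist="$1"      # file of banned addresses
    hits="${2:-20}"     # new HTTP connections allowed per source per window;
                        # must not exceed xt_recent's ip_pkt_list_tot (default 20)
    window="${3:-60}"   # window length in seconds

    ipt -F INPUT
    ipt -P INPUT DROP                       # default deny; explicit ACCEPTs below
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Bans go BEFORE the port-80 ACCEPT: -A appends, so a DROP appended after
    # the ACCEPT is never reached, and -D only deletes a rule, it adds nothing.
    grep -v '^[[:space:]]*#' "$blocklist" | grep -v '^[[:space:]]*$' |
    while read -r addr _; do
        ipt -A INPUT -s "$addr" -j DROP
    done

    # Burst limit: remember every new SYN to port 80 per source address, then
    # drop a source that reached $hits SYNs within the last $window seconds.
    ipt -A INPUT -p tcp --dport 80 --syn -m recent --set --name HTTP
    ipt -A INPUT -p tcp --dport 80 --syn -m recent --update \
        --seconds "$window" --hitcount "$hits" --name HTTP -j DROP
    ipt -A INPUT -p tcp --dport 80 -j ACCEPT
}

# Usage: [DRY_RUN=1] sh fw.sh /path/to/banned.txt [hits] [seconds]
case $# in 0) ;; *) apply_firewall "$@" ;; esac
```

Running it with DRY_RUN=1 first shows the exact rule order before anything is changed; a blocked source that exceeds the SYN budget is dropped only for port 80, so its established connections elsewhere are not affected.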
