Can someone tell me if I edit the iptables file manually to create a rule to deny ANY access to a server or do I need to use the gui?

--
Andrew Rice Jr
Rodrigo Barbosa
2006-Jan-06 15:17 UTC
[CentOS] denying access from ip address with iptables
On Fri, Jan 06, 2006 at 06:56:52AM -0600, Andrew Rice wrote:
> Can someone tell me if I edit the iptables file manually to create a rule to deny ANY access to a server
> or do I need to use the gui?

You can edit /etc/sysconfig/iptables for that, of course. However, the correct way to do it, by RHEL standards, is to use iptables to put the rules you want in place, and then use "service iptables save" to commit it to /etc/sysconfig/iptables.

Best Regards,

--
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
On Fri, 6 Jan 2006, Andrew Rice wrote:
> Can someone tell me if I edit the iptables file manually to create a rule to deny ANY access to a server
> or do I need to use the gui?

If you know how to do it then there is no problem with editing rules manually. Just make sure that the rules are saved in the relevant script and not just run manually, otherwise restarting iptables or rebooting the machine would lose the setting.

Lance

--
uklinux.net - The ISP of choice for the discerning Linux user.
Bryan J. Smith
2006-Jan-06 17:28 UTC
[CentOS] denying access from ip address with iptables
Andrew Rice <andrew at nams.net> wrote:
> Can someone tell me if I edit the iptables file manually to
> create a rule to deny ANY access to a server or do I need to
> use the gui?

You can do it a number of ways. You can run the iptables command directly at the command line, then run "service iptables save" and it will integrate it into the "/etc/sysconfig/iptables" ruleset.

--
Bryan J. Smith Professional, Technical Annoyance
b.j.smith at ieee.org http://thebs413.blogspot.com
----------------------------------------------------
*** Speed doesn't kill, difference in speed does ***
Peter Kitchener
2006-Jan-10 02:40 UTC
[CentOS] denying access from ip address with iptables
One way that I have found to be a nice, easy-to-use solution is the Shorewall iptables configuration program. It is available in the CentOS os repository. It may be overkill but it also allows you to control many other aspects of the firewall with simple configuration files.

Peter

Andrew Rice wrote:
> Can someone tell me if I edit the iptables file manually to create a rule to deny ANY access to a server
> or do I need to use the gui?
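
The replies above agree that a rule added with the iptables command only survives a restart or reboot once it has been saved to /etc/sysconfig/iptables. As an added example (not part of the thread), this shell function lists rules that are in a live `iptables-save` dump but missing from the saved file; the function names, the sample rulesets and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Typical flow on the server (as root):
#   iptables -I INPUT -s 192.0.2.10 -j DROP    # block one source address
#   iptables-save > /tmp/running               # dump the live ruleset
#   unsaved_rules /tmp/running /etc/sysconfig/iptables
#   service iptables save                      # persist, as the replies advise

# Print the "-A" rule lines of a ruleset file, trailing whitespace removed.
# Comments, chain policies and packet counters are skipped: they differ
# between dumps even when the rules are identical.
# Assumption: rules are compared as text, without regard to their table.
rules_of() {
    grep '^-A ' "$1" | sed 's/[[:space:]]*$//'
}

# Print every rule present in $1 (live dump) but absent from $2 (saved file).
unsaved_rules() {
    rules_of "$1" | while IFS= read -r rule; do
        rules_of "$2" | grep -qxF -e "$rule" || printf '%s\n' "$rule"
    done
}

# Constructed sample data: the live dump holds a DROP rule for 192.0.2.10
# (a documentation address) that was never written to the saved file.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/running" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [120:9000]
-A INPUT -s 192.0.2.10 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$tmp/saved" <<'EOF'
# Saved ruleset (constructed sample)
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

# Lists the rule that would be lost on "service iptables restart" or reboot.
unsaved_rules "$tmp/running" "$tmp/saved"
```

Empty output means every live rule is already in the saved file.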