[BlueOnyx:11905] Re: Need to remove a rejected IP

Gerald Waugh gwaugh at frontstreetnetworks.com
Sat Jan 5 08:09:38 -05 2013


On 01/05/2013 05:22 AM, Fungal Style wrote:
> Hi all...
>
> I suspect this would not be an issue for a production machine, but 
> iptables rules are removed if the server is restarted, correct?

Depends on /etc/sysconfig/iptables-config.
The default is to "remove the rules", although it can be changed.



> > On Thu, 3 Jan 2013, Richard Barker wrote:
> >
> > > I used this command to block an attacker
> > > route add -net x.x.x.x netmask 255.255.255.255 reject
> > >
> > > if I do a netstat -nrl I get this
> > > x.x.x.x - 255.255.255.255 !H - - - -
> > >
> > > How do I get it removed ?
> >
> > I've found different versions of route are terribly picky about syntax,
> > in particular, some demand the netmask portion, and some don't.
> >
> > Try:
> >
> > route del -net x.x.x.x netmask 255.255.255.255
> >
> > and
> >
> > route add -net x.x.x.x
> >
> > Your particular 'man route' man page may provide some clues.
> >
> > If you don't want to reboot, you could take the interface down and bring
> > it back up, though clearly you *DON'T* want to do this unless you have a
> > console or alternate method of getting into and controlling the box as
> > you could get locked out if things don't behave as they should.
> >
> > Try:
> >
> > service network restart
> >
> > That should restart the network with the box's 'default' network settings
> > and any manually entered, but otherwise unsaved routes should go away.
> >
> > In general, iptables should be used to block attacks rather than adding
> > null routes:
> >
> > iptables -A INPUT -s <sourceIP(/netmask)> -j DROP <--- -A adds rule
> >
> > iptables -D INPUT -s <sourceIP(/netmask)> -j DROP <--- -D deletes rule
> >
> > Check man iptables for help on that.
> >
> > =^_^= Tigerwolf
-- 
Gerald
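
As an added example (not part of the original message): a shell check of the two save settings in /etc/sysconfig/iptables-config that decide whether rules added at runtime with `iptables -A` are written back when the iptables service stops or restarts. It assumes the RHEL/CentOS key names IPTABLES_SAVE_ON_STOP and IPTABLES_SAVE_ON_RESTART with a default of "no"; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes RHEL/CentOS-style KEY="value" lines.

# cfg_value FILE KEY DEFAULT: print the last uncommented value of KEY.
cfg_value() {
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                  # skip commented-out settings
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $2
                sub(/#.*/, "", v)            # drop trailing comment
                gsub(/[ \t"]/, "", v)        # drop quotes and padding
                val = v
            }
        }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# rules_persistence FILE: say what happens to rules added at runtime.
rules_persistence() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Assumed default when a key is absent: "no" (rules are not saved).
    on_stop=$(cfg_value "$file" IPTABLES_SAVE_ON_STOP no)
    on_restart=$(cfg_value "$file" IPTABLES_SAVE_ON_RESTART no)
    case "$on_stop/$on_restart" in
        yes/yes)     echo "saved" ;;
        yes/*|*/yes) echo "partial: stop=$on_stop restart=$on_restart" ;;
        *)           echo "discarded" ;;
    esac
}

# Constructed sample file, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Save current firewall rules on stop.
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="yes"
EOF
rules_persistence "$sample"
rm -f "$sample"
```

On a real host, call `rules_persistence /etc/sysconfig/iptables-config`; a result of "discarded" means a block added with `iptables -A` is lost at the next service stop or restart unless it is saved separately.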