Iptables Issue
Added by raman lal over 7 years ago
GoAdmin ® 3.3-1406088000
I am using this goautodial.
I want to block IP through iptables.
The problem I am facing: whenever iptables is active, agents do receive calls.
Whenever I stop iptables, it works. Kindly help me to fix this issue. I am using this code.
1st: Create the whitelistIP file and a folder named firewall
#mkdir /usr/src/firewall
#touch /usr/src/firewall/whitelistIP.txt
2nd: Add the IPs or domains allowed to access the server, one per line
#nano /usr/src/firewall/whitelistIP.txt
192.168.0.1
supportalg.test.com
10.10.10.10
Note: Save file then exit
3rd: Locate where the iptables command is located in your linux machine
#which iptables
#which iptables-save
#which iptables
/sbin/iptables
#which iptables-save
/sbin/iptables-save
4th: IPTables script
nano /usr/src/firewall/firewall.sh
copy and paste the below script
#!/bin/bash
#
# - Allowed IP file location
#
WHITELIST=/usr/src/firewall/whitelistIP.txt
#
# - Specify where IP Tables is located
#
IPTABLES=/sbin/iptables
IPTABLES_SAVE=/sbin/iptables-save
#
# - Save current iptables running configuration in case we want to revert back
# - To restore using our example we would run "/sbin/iptables-restore < /usr/src/iptables.last"
#
$IPTABLES_SAVE > /usr/src/iptables.last
#
# - Clear current rules
#
## If current INPUT policy is set to DROP we will be locked out once we flush the rules - so we must first ensure it is set to ACCEPT.
#
$IPTABLES -P INPUT ACCEPT
echo 'Setting default INPUT policy to ACCEPT'
$IPTABLES -F
echo 'Clearing Tables F'
$IPTABLES -X
echo 'Clearing Tables X'
$IPTABLES -Z
echo 'Clearing Tables Z'
#
# - Always allow localhost.
#
echo 'Allowing Localhost'
$IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT
#
# - Whitelist
#
for x in `grep -v ^# $WHITELIST | awk '{print $1}'`; do
    echo "Permitting $x..."
    $IPTABLES -A INPUT -s $x -j ACCEPT
done
#
# - Block all other traffic
#
$IPTABLES -A INPUT -p all -j DROP
#
# - Save the rules so they are persistent on reboot.
#
/etc/init.d/iptables save
Note: Save file then exit
5th: Make the script executable
#chmod +x /usr/src/firewall/firewall.sh
6th: run/execute the script
#/usr/src/firewall/firewall.sh
check the rules
#iptables -L -n
Replies (5)
RE: Iptables Issue
Added by Ankit Aparajey over 7 years ago
Hello,
Your script is denying all the SIP and vicidial inside ports, which are required in order for it to function properly. I don't know why you need to block IPs like this, but instead of using a script like this you can use fail2ban to configure your IP blocking.
If you have any query, please feel free to reach my team.
Thank You
incorpus TeleNetworks
Skype : incorpus.support
email : [email protected]
RE: Iptables Issue
Added by striker 247 about 7 years ago
The above script will block all the requests and allow only 127.0.0.1 and the IPs mentioned in the whitelist.
If you want to block an IP, just use the iptables command:
iptables -I INPUT -s ipaddress -j DROP
For example, if you want to block the IP 88.88.88.88,
then type
iptables -I INPUT -s 88.88.88.88 -j DROP
iptables-save
regards
striker
www.striker24x7.blogspot.com
RE: Iptables Issue
Added by raman lal about 7 years ago
We want to block all IPs and only allow our IPs.
How do we do that?
RE: Iptables Issue
Added by Jefferson Varias about 7 years ago
By default, you just need to comment out rules from the iptables to block all access on a service. Please post your working iptables rules.
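An added example, not written by anyone in this thread: a whitelist-only INPUT ruleset generated in iptables-restore format from the same whitelist file, with two rules the script in the first post lacks: loopback accepted by interface, and replies to connections the server itself opened. The function name build_ruleset, the sample file, and the choice to skip hostname entries (iptables resolves a name only once, when the rule is loaded) are assumptions of this example.

```shell
#!/bin/sh
# Added example: print a whitelist-only filter table; nothing here touches
# the live firewall. Review the output, then load it with, for instance:
#   build_ruleset /usr/src/firewall/whitelistIP.txt | /sbin/iptables-restore --test
# and again without --test once it parses cleanly.

# build_ruleset FILE: FILE holds one IP or CIDR per line, '#' starts a comment.
build_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback by interface: local traffic sent to the server's own LAN
    # address arrives on lo with a source other than 127.0.0.1.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to traffic the server started (DNS lookups, outbound trunk
    # registration) come from hosts that are not in the whitelist.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # First field of each line only, like the awk '{print $1}' in the post.
    while read -r entry _rest || [ -n "$entry" ]; do
        case $entry in
            ''|'#'*) continue ;;
            # Anything that is not digits, dots or a slash is a hostname
            # (or a typo): report it on stderr instead of emitting a rule.
            *[!0-9./]*) echo "skipped (not an IP or CIDR): $entry" >&2 ;;
            *) printf '%s\n' "-A INPUT -s $entry -j ACCEPT" ;;
        esac
    done < "$1"
    # No trailing DROP rule is needed: the INPUT policy above is DROP.
    printf '%s\n' 'COMMIT'
}

# Constructed sample input, using the three entries shown in the first post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample whitelist
192.168.0.1
supportalg.test.com
10.10.10.10
EOF
build_ruleset "$sample"
rm -f "$sample"
```

Every address that must reach the server unsolicited (agent workstations, the SIP carrier) still has to be in the whitelist file; the ESTABLISHED,RELATED rule only covers replies.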