At 03:57 PM 3/3/2003 -0500, you wrote:
>If you want to block access to a specific service then just modify the rule to appear this way. Something I forgot to ask is how many NICs are you using? You may also have to specify the interface they're coming in on as well.
>Ex: iptables -A INPUT -p tcp --dport 25 -s 209.0.0.0 -j DROP
>If you have two NICs in the machine and your public interface, like mine is, eth1, then the rule would look like this:
>iptables -A INPUT -i eth1 -p tcp --dport 25 -s 209.0.0.0 -j DROP
>Or, you could write it like this, provided you have two NICs:
>iptables -A INPUT -i eth1 -s 209.0.0.0 -j DROP
>Bastille's already existing rules shouldn't cancel out any additional rules you add to the firewall. That wouldn't exactly be a good thing.
>
>Mark-


I have one interface on that machine and believe it or not I just copied the line above
for blocking port 25 except I replaced the IP address with another machine here and tested
it and it did NOT work. So I shut down Bastille and tried it and I was blocked! So something
in Bastille is preventing me from manually entering chains to block and that sucks :( There
must be a way around that.


I guess I could try to duplicate the Bastille rules and make my own or figure out a way around
Bastille blocking me from manually entering my own rules.


-Scott
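
One possible cause of the behaviour reported above is rule order: iptables acts on the first matching rule with a terminal target, and `-A` places the new rule last. The following is an added example, not part of either message and not Bastille's own rules; it assumes (the thread does not confirm this) that the loaded ruleset already holds an earlier ACCEPT for port 25, and the ruleset, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
FLAGS = {"-p": "proto", "--dport": "dport", "-s": "src", "-i": "iface", "-j": "target"}

def parse_rule(line):
    """Parse one `iptables -S`-style line (no '!' negation, no user chains)."""
    rule = dict.fromkeys(FLAGS.values())
    tok = shlex.split(line)
    for i, t in enumerate(tok[:-1]):
        if t in FLAGS:
            rule[FLAGS[t]] = tok[i + 1]
    return rule

def matches(rule, pkt):
    """True if every field the rule specifies agrees with the packet."""
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] and int(rule["dport"]) != pkt["dport"]:
        return False
    if rule["iface"] and rule["iface"] != pkt["iface"]:
        return False
    if rule["src"]:
        net = ipaddress.ip_network(rule["src"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def verdict(chain, pkt, policy="ACCEPT"):
    """Return (rule number, target) of the first terminal match, else (None, policy)."""
    for n, line in enumerate(chain, start=1):
        rule = parse_rule(line)
        if rule["target"] in TERMINAL and matches(rule, pkt):
            return n, rule["target"]
    return None, policy

# Constructed ruleset standing in for rules a firewall script loaded earlier.
EXISTING = ["-A INPUT -i lo -j ACCEPT",
            "-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT"]
BLOCK = "-A INPUT -p tcp --dport 25 -s 192.0.2.10 -j DROP"
PKT = {"proto": "tcp", "dport": 25, "src": "192.0.2.10", "iface": "eth0"}

appended = EXISTING + [BLOCK]   # effect of: iptables -A INPUT ...
inserted = [BLOCK] + EXISTING   # effect of: iptables -I INPUT 1 ...

if __name__ == "__main__":
    print("appended:", verdict(appended, PKT))
    print("inserted:", verdict(inserted, PKT))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the actual order, and `iptables -I INPUT 1 ...` places a rule ahead of the existing ones.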