>
>
> Hi all,
> I am running a site on my laptop (http://localhost or
> http://10.160.0.186 on Ubuntu).
> It's accessible to my virtual machine having IP address 10.0.2.15
> and I don't want any incoming GET request from my virtual machine to my site,
> so I am setting rule (iptables -A INPUT -s 10.0.2.15 -j DROP)
>
> but it's not working... I still can open my site through virtual machine.
> What is wrong from my side? How to set rule to block IP so that it can't access
> my site?
> Thank you
>
>
It's been a while since I have worked with iptables, so I could be wrong, but the
rule you have specified seems to block incoming requests from source (-s)
IP 10.0.2.15. So only requests that come from that IP will be blocked.

The rule to block all incoming traffic is

iptables -A INPUT -j DROP

*But beware this will lock you out of your server.*

When blocking incoming traffic you want to typically follow this strategy:
1. Set accept rules for allowing traffic on port 80 (if that is what you
desire)
2. Set accept rules for allowing traffic on port 22, the SSH port (otherwise
you will be locked out of that computer without being able to access it at
all)
3. Set accept rule to allow all traffic originating from that machine (I
believe this is the rule you have specified)
4. Set a rule to drop everything else

Look at this example for more help:
http://www.cyberciti.biz/tips/linux-iptables-4-block-all-incoming-traffic-but-allow-ssh.html

-- 
Thanks & Regards
Parag Shah
http://blog.adaptivesoftware.biz
http://diycomputerscience.com
-- 
ubuntu-in mailing list
ubuntu-in@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
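
The four-step strategy from the reply above, written out as an iptables-restore ruleset; this is an added example, not part of the original message. It also places a per-source DROP for the question's 10.0.2.15 ahead of the ACCEPT rules, since iptables stops at the first matching rule. Assumptions: step 3 is read as loopback plus replies to connections the machine itself opened, and the names build_ruleset and rule_line are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the reply's four steps.
# Ports 80 and 22 and the address 10.0.2.15 come from the thread; the loopback
# and conntrack rules are an assumed reading of step 3.

# build_ruleset [BLOCKED_SRC]
#   BLOCKED_SRC is an optional source address to drop before any ACCEPT rule.
build_ruleset() {
    blocked_src="${1:-}"
    echo "*filter"
    # Chain policies stay ACCEPT; the final DROP rule does the blocking, so
    # flushing the rules by mistake cannot lock you out.
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # First match wins: a per-source block must precede the port ACCEPTs,
    # otherwise the port 80 ACCEPT matches first and the DROP is never reached.
    if [ -n "$blocked_src" ]; then
        echo "-A INPUT -s $blocked_src -j DROP"
    fi
    # Step 3 (assumed reading): local traffic and replies to outbound connections.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Step 2: SSH, so the machine stays reachable.
    echo "-A INPUT -p tcp --dport 22 -j ACCEPT"
    # Step 1: the web site.
    echo "-A INPUT -p tcp --dport 80 -j ACCEPT"
    # Step 4: drop everything else. This must be the last INPUT rule.
    echo "-A INPUT -j DROP"
    echo "COMMIT"
}

# rule_line RULESET TEXT
#   Prints the line number of the first ruleset line containing TEXT.
rule_line() {
    printf '%s\n' "$1" | awk -v p="$2" 'index($0, p) && !seen { print NR; seen = 1 }'
}

# Print the ruleset for the address in the question. Nothing is applied here.
build_ruleset 10.0.2.15
```

To check the syntax without loading anything, pipe the output to `iptables-restore --test` as root. Loading it for real replaces the existing contents of the filter table.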
