[NTLUG:Discuss] allow http request only
lee
lee at brave.com
Fri Nov 16 22:46:08 CST 2001
you don't have to worry about /etc/hosts.deny as http services are not
managed by your /etc/inetd.conf file (or /etc/xinetd.conf for recent
redhat versions).
what you want to do is modify your portsentry configuration, in the
portsentry.conf file. the default is
# New ipchain support for Linux kernel version 2.102+
# for ipchains
#KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
# for iptables
KILL_ROUTE="/usr/local/sbin/iptables -v -A INPUT -s $TARGET$ -j DROP"
#
and you'll need to modify the KILL_ROUTE statement to exclude port 80.
i think the flag needed would be --dport ! 80. so the new command would be
# --dport is only valid together with a protocol match (-p tcp), and the
# negation goes in front of the option; note this only drops the host's TCP
# traffic to ports other than 80, its UDP/ICMP traffic is not matched at all
KILL_ROUTE="/usr/local/sbin/iptables -v -A INPUT -s $TARGET$ -p tcp ! --dport 80 -j DROP"
now, i'm no iptables expert by any means and this may be the completely
wrong flag or in the wrong place or something. but i am sure that what
you want is managed by the portsentry configuration and that you should
'man iptables' if the above doesn't work the way you want.
-- lee
m m wrote:
>
>
> I guess you misunderstand me. where did I say: "I want to block IP
> addresses of people ...."?
>
> To make it clear,
> "I want to block IP addresses of people who are accessing my
> box, except port 80 for browsing my website." or
> "http request to port 80 never been blocked"
>
> I hope it makes sense.
>
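As an added illustration (not code from this thread, from portsentry or from netfilter), a small Python model of first-match chain evaluation showing how the three KILL_ROUTE variants discussed above treat port 80; the addresses, packets and rule set are constructed for the example.

```python
# Toy first-match model of an iptables INPUT chain (constructed example, not
# portsentry or netfilter code). It only shows why the KILL_ROUTE variants from
# the thread behave differently for web traffic on port 80.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                  # ACCEPT or DROP
    src: Optional[str] = None    # -s <ip>; None matches any source
    proto: Optional[str] = None  # -p tcp/udp; None matches any protocol
    dport: Optional[int] = None  # --dport <n>; only meaningful with proto, as in iptables
    negate_dport: bool = False   # "! --dport <n>"

    def matches(self, pkt: dict) -> bool:
        if self.src is not None and pkt["src"] != self.src:
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None:
            hit = pkt.get("dport") == self.dport
            if hit == self.negate_dport:  # plain match misses, or negated match hits
                return False
        return True

def evaluate(chain: list, pkt: dict, policy: str = "ACCEPT") -> str:
    """Walk the chain top-down; the first matching rule decides (netfilter semantics)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

def base_chain() -> list:
    # Static rule kept ahead of anything portsentry adds later:
    #   iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    return [Rule("ACCEPT", proto="tcp", dport=80)]

def kill_route_iptables(chain: list, target: str) -> None:
    # Default iptables KILL_ROUTE "-A INPUT -s $TARGET$ -j DROP" appends at the
    # end, so the earlier port-80 ACCEPT still wins for web traffic.
    chain.append(Rule("DROP", src=target))

def kill_route_ipchains_style(chain: list, target: str) -> None:
    # The ipchains default uses "-I input", i.e. insert at the top: the new
    # DROP shadows the port-80 ACCEPT and blocks the web server as well.
    chain.insert(0, Rule("DROP", src=target))

def kill_route_dport_negated(chain: list, target: str) -> None:
    # "-s $TARGET$ -p tcp ! --dport 80 -j DROP": only TCP is matched, so the
    # blocked host's UDP and ICMP traffic still falls through to the policy.
    chain.append(Rule("DROP", src=target, proto="tcp", dport=80, negate_dport=True))
```

Keeping a static ACCEPT for port 80 ahead of the portsentry-managed rules is what makes the default `-A INPUT` KILL_ROUTE safe for the web server; an `-I` style insert undoes that regardless of the DROP rule's own matches.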