If you’re running a web server, you have probably noticed that some IP addresses keep trying to crack your passwords or issue various queries looking for a vulnerability in your scripts. If your main Linux firewall is iptables, it offers many ways to allow or deny access under different conditions. In this post we will close incoming connections from a given IP.
You need to be logged in as root to issue this command. I’d suggest checking the command first, or composing it in your text editor and pasting it into your command line. Let’s say we need to close access for the IP address 192.168.0.56. All you need to do is run the command below.
# -s matches the source address of incoming packets (-d would match the destination)
iptables -A INPUT -s 192.168.0.56 -j DROP
Your server will drop all incoming packets from this IP. You can add as many IPs as you like, or add IP subnets – it’s your choice. Just don’t add your own IP to test. I promise you it works without such a test.
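An added example (not from the original post) for the block list described above: it prints one DROP rule per entry, skipping malformed entries and any address or subnet that contains your own IP. The function names and sample addresses are assumptions made for illustration, and it uses -I rather than -A so the rule lands ahead of any earlier ACCEPT rule in INPUT.

```shell
# Added example: print (never run) DROP rules; all addresses are constructed samples.
# valid_ipv4_cidr ENTRY -> 0 if ENTRY is a.b.c.d or a.b.c.d/len
valid_ipv4_cidr() {
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # zero-padded octets are rejected: shell arithmetic reads them as octal
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# covers ENTRY IP -> 0 if the (already validated) ENTRY contains IP
covers() {
    net=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# block_rules SELF_IP ENTRY... -> one iptables command per accepted entry
block_rules() {
    self=$1; shift
    valid_ipv4_cidr "$self/32" || { echo "bad own address: $self" >&2; return 2; }
    for entry in "$@"; do
        if ! valid_ipv4_cidr "$entry"; then
            echo "skip $entry: not an IPv4 address or CIDR" >&2
        elif covers "$entry" "$self"; then
            echo "skip $entry: it contains your own address $self" >&2
        else
            # -I inserts at the top of INPUT, ahead of any earlier ACCEPT rule
            echo "iptables -I INPUT -s $entry -j DROP"
        fi
    done
}

# 198.51.100.20 stands in for the address you administer the server from
block_rules 198.51.100.20 203.0.113.7 198.51.100.0/24 10.0.0.300 192.168.0.56
```

Review the printed commands before running them as root.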
Sometimes you need to “hide” your server by denying responses to ping requests. This way your server will look like it is offline: ping <server_ip> will time out. There is a short Linux command that does this using iptables. Here it is:
# DROP discards the packet silently; REJECT would send an error back to the sender
iptables -t filter -A INPUT -p icmp -j DROP
This will ignore ICMP packets sent to your server (these packets are used to ping your server). You can also deny traffic sent over any other protocol by changing icmp in the command to the protocol name you need.
Another solution was found on Linuxquestions.org. It allows outgoing ICMP packets and blocks incoming ones, other than the echo-reply, destination-unreachable and time-exceeded types it accepts. Here it is:
/sbin/iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -i eth0 -j DROP