Change IP route for Blacklist

Add the clean IP to the server.

Edit the firewall to NAT all connections FROM port 25 to use the new IP.

# iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source NEW.IPA.DDR.ESS
# service iptables save

Ensure that the IP is on eth1
or…

# iptables -t nat -A POSTROUTING -o eth1 -p tcp -j SNAP --dport 25 --to-source 123.45.6.7

Cloud Server Iptables rejects port 80 CentOS 6.5

I have just intalled apache on a fresh CentOS 6.5 installation. I entered the ip address in the browser address bar, and it failed to connect. I then turned off iptables, and refeshed, and this time I could connect.

So clearly iptables is blocking the http (port 80) traffic. So I looked at the iptables rules:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

It seems confusing as there is a “accept all” rule. I typed this – it explains the devices as well where acept all is on the lo interface. So all eth connections are dropped.:

# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   11   764 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere            
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 6 packets, 824 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Edit iptables to add the rule:


# nano /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Copy the ssh port 22 line and add it right under it, then change the port to 80. This is what it should look like:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Restart iptables

# service iptables save
service iptables restart

Block IP with iptables

Block Incoming Request From IP 1.2.3.4

The following command will drop any packet coming from the IP address 1.2.3.4:


# /sbin/iptables -I INPUT -s {IP-HERE} -j DROP
# /sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

Finally, the last thing we need to do is save our rules so that next time we reboot our computer our rules are automatically reloaded:


# /sbin/service iptables save

Check to see if it is added:

# iptables --list -n | grep 37.233.38.46
DROP       all  --  37.233.38.46         0.0.0.0/0

Other good info to check out:

http://wiki.centos.org/HowTos/Network/IPTables

Stop Spam and http access with IPtables

To stop Spam:

drop SMTP on port 25, 465 and 587 to prevent further spam from being sent out by running the following commands:


# /sbin/iptables -A INPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 587 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 587 -j DROP

Restart:

# service iptables restart

Block an IP accessing the site:

# iptables -A INPUT -s 80.35.xx.xxx -j DROP

Restart:

# service iptables restart

After that – check the cpnael access logs for the domain and see that there is a 403 Error:

# tail -f /usr/local/apache/domlogs/gamedayboston.com

80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

Add IP and Port to iptables

How to add an IP to access the plesk panel and ssh

Open flle /etc/sysconfig/iptables:


# nano /etc/sysconfig/iptables
-A INPUT -s 72.177.xxx.xxx/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 66.226.xx.xx/32 -p tcp -m tcp --dport 10222 -j ACCEPT

Save and restart iptables


service iptables restart