Tag: iptables

Easy way to delete rule from iptables

You can view the INPUT chain entries with their line numbers using this command:
iptables -L INPUT -n --line-numbers
Example:

root@tests:~# iptables -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:22
2    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
3    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:443
4    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:21
5    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
6    ACCEPT     all  --  192.168.1.100        0.0.0.0/0
7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
8    ACCEPT     all  --  192.168.4.0/24       0.0.0.0/0
9    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state NE

You'll get the list of all INPUT entries. Look at the number on the left, then use the following command to delete that rule:

iptables -D INPUT <<number here>>

Enjoy.
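One pitfall with deleting by number is that the remaining rules are renumbered after every `-D`, so deleting several rules from one listing must be done from the highest number down. The following is an added example (not part of the original post) that parses the output of `iptables -L INPUT -n --line-numbers` and emits the delete commands in the safe order; the listing it works on is a constructed sample modelled on the one above, and the function names are the example's own.

```python
import re
from typing import List, Tuple

# Constructed sample of `iptables -L INPUT -n --line-numbers` output, modelled
# on the listing in the post above (not captured from a real host).
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:22
2    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
3    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:443
4    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:21
5    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
6    ACCEPT     all  --  192.168.1.100        0.0.0.0/0
7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
8    ACCEPT     all  --  192.168.4.0/24       0.0.0.0/0
9    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state NEW
"""

# Columns: num target prot opt source destination [match text...]
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_rules(listing: str) -> List[Tuple[int, str, str, str]]:
    """Return (num, target, prot, match_text) for every numbered rule line."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:  # header lines ("Chain ...", "num target ...") do not start with a digit
            rules.append((int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
    return rules


def rules_for_port(listing: str, port: int) -> List[int]:
    """Rule numbers whose match text contains exactly 'dpt:<port>' (22 must not match 2)."""
    pattern = re.compile(rf"\bdpt:{port}\b")
    return [num for num, _target, _prot, extra in parse_rules(listing)
            if pattern.search(extra)]


def delete_commands(listing: str, ports) -> List[str]:
    """Build `iptables -D INPUT N` commands, highest N first, so earlier
    deletions do not shift the numbers of the rules still to be deleted."""
    nums = {n for p in ports for n in rules_for_port(listing, p)}
    return [f"iptables -D INPUT {n}" for n in sorted(nums, reverse=True)]


if __name__ == "__main__":
    # Example: remove the FTP (21) and HTTP (80) ACCEPT rules from the sample.
    for cmd in delete_commands(SAMPLE_LISTING, [21, 80]):
        print(cmd)
```

On a real host, pipe the live listing into `parse_rules` instead of the sample, and review the printed commands before running them as root.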


Iptables Shell Script To Drop Spamhaus Listed IP

The Spamhaus Project is one of the largest anti-spam DNS blacklist services known. Founded in 1998, Spamhaus has operations in Geneva, Switzerland, and London, in addition to the 28 investigators and forensic specialists located in 8 countries. Spamhaus is a true 24-hour-a-day anti-spam operation. With over 60 public DNS servers distributed across 18 countries, Spamhaus is able to serve billions of DNS requests the world over, all free of charge. It has been estimated that 1.4 billion users' mailboxes are in some way protected by The Spamhaus Project every day.

Here, I will show you a script that automatically blocks the IPs listed by Spamhaus:

#!/bin/bash

IPT="/sbin/iptables"
FILE="/tmp/drop.lasso"
URL="http://www.spamhaus.org/drop/drop.lasso"

echo ""
echo -n "Deleting DROP list from existing firewall..."


Iptables: Open and Close Port in Linux

For a more secure server, we have to close some ports to users.

If we need access to these ports, we can grant permission to our own IP address. Please don't forget: iptables can block any IP address, but when you restart the server all of these rules will be cleared.

Examples:

1. Closing FTP port except xxx.xxx.xxx.xxx

iptables -t filter -I INPUT 1 -p tcp -s ! xxx.xxx.xxx.xxx --dport 21 -j REJECT --reject-with icmp-host-prohibited

2. Closing SSH port except xxx.xxx.xxx.xxx


Iptables : Limit the number of ssh connections

Just use the following command:

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT

In this example our connections are limited to 5.


Getting started with iptables in Linux

Linux machines are known to be pretty secure.

Studies have shown that Linux has been designed in a secure manner. Yet, despite all the security features that come bundled with a Linux installation, you need to configure these features correctly to make them work for you. I'll guide you through the process of setting up one of the tools that help secure your machine: the firewall. We will use the iptables firewall for this exercise. I am assuming that you are using a server running Red Hat Enterprise Linux 4 or similar. However, most of the steps should work fine on other Linux distributions as well. In this article we will set up a firewall on a Linux server running the Apache web server, FTP, and SSH.

Let us first see what ports these applications use and which of them need to have a port open on the firewall.

The Apache web server runs on port 80 by default. Apache is going to serve all our web content on this port, therefore we need to keep this port open on the firewall. The SSH service runs on port 22. We need to be able to remotely connect to our server to work, so we keep it open. FTP runs on port 21 and it too needs its port to be open to communication.

Next, make sure you have iptables installed. Run this command as the root user:

apt-cache search iptables

Copyright © 2012 Linux Debian Tutorials | Debian Squeeze Tutorials. All rights reserved.