#1
23rd January 2009, 16:28
papokergod
Iptables, bastille, ISPConfig setup

I have a Fedora 10 server set up using the perfect setup, and have a few questions. (disabled Linux firewall/SELinux)

I have added a rule " iptables -I INPUT -s 198.186.193.54 -j DROP " to block an undesirable bot/spider, since mod_security "spams" my logs because it blocks it due to no header reply, browser version etc.

However, upon its return, usually once a day, iptables does not seem to "ghost" my server, as mod_security still sees and returns the 403 error to the bot.

If it helps:

Running the command " ps -ef | grep iptables " returns root 8200 7827 0 09:51 pts/0 00:00:00 grep iptables

Running the command " iptables -L INPUT " returns
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  ashburn.notadot.com  anywhere
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

It seems once I have restarted the firewall through ISPConfig, the command " iptables -L INPUT " returns
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Notice the line DROP all -- ashburn.notadot.com anywhere is removed, losing my iptables rules and allowing notadot back in.

Thanks for the help in advance.

#2
23rd January 2009, 22:52
till

Instead of using the iptables command, which conflicts with the firewall rules, you'd better use the route command to block the IP:

Code:
/sbin/route add -host 198.186.193.54 reject
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
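
Added example, not part of the original thread: the first post shows a manually inserted DROP rule vanishing when ISPConfig restarts the firewall. The script below diffs two `iptables -n -L INPUT` listings and checks a blocklist against a listing; the listings are constructed samples and the function names `lost_rules` and `missing_drops` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): spot manually inserted rules that a
# firewall restart removed. Listings are constructed samples in the format of
# `iptables -n -L INPUT`; -n prints addresses instead of reverse-DNS names.

BEFORE='Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  198.186.193.54       0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            127.0.0.0/8
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
PUB_IN     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Same chain after the restart: the manual DROP is gone.
AFTER=$(printf '%s\n' "$BEFORE" | grep -v '198\.186\.193\.54')

# lost_rules BEFORE AFTER: print rules present in BEFORE but absent from AFTER.
lost_rules() {
    printf '%s\n' "$1" | AFTER_LIST=$2 awk '
        function norm(s) { gsub(/[ \t]+/, " ", s); sub(/ $/, "", s); return s }
        BEGIN {
            n = split(ENVIRON["AFTER_LIST"], a, "\n")
            for (i = 1; i <= n; i++) seen[norm(a[i])] = 1
        }
        NR > 2 { r = norm($0); if (!(r in seen)) print r }'
}

# missing_drops LISTING IP...: print each IP with no DROP rule for that
# source in LISTING; returns 1 if any are missing (usable from cron).
missing_drops() {
    listing=$1; shift
    rc=0
    for ip in "$@"; do
        printf '%s\n' "$listing" |
            awk -v ip="$ip" '$1 == "DROP" && $4 == ip { f = 1 } END { exit !f }' ||
            { printf '%s\n' "$ip"; rc=1; }
    done
    return $rc
}

lost_rules "$BEFORE" "$AFTER"
missing_drops "$AFTER" 198.186.193.54 || echo "blocklist drift detected" >&2
```

On a live system the listing argument would be the output of `iptables -n -L INPUT`, captured once before and once after the firewall restart.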

#3
23rd January 2009, 23:50
papokergod

Thanks, I will try that instead. This will return a server not found, correct? Also, I would have to add that line to the rc.local file so it stays after a reboot?

Last edited by papokergod; 23rd January 2009 at 23:56.

#4
24th January 2009, 13:10
falko

Quote:
Originally Posted by papokergod
This will return a server not found correct?

I don't remember the correct message, but yes, it's something like that.

Quote:
Originally Posted by papokergod
Also I would have to add that line to the rc.local file so it stays after a reboot?

Yes.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

#5
25th January 2009, 13:32
papokergod

For some reason mod_security is still seeing this IP and it's not getting the server not found.

Code:
[Sun Jan 25 00:17:29 2009] [error] [client 198.186.193.54] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "www.xxxxxx.com"] [uri "/"] [unique_id "SXv16X8AAAEAAAlrLuIAAAAG"]
[Sun Jan 25 00:17:29 2009] [error] [client 198.186.193.54] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "48"] [id "960009"] [msg "Request Missing a User Agent Header"] [severity "WARNING"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "www.xxxxxx.com"] [uri "/"] [unique_id "SXv16X8AAAEAAAlrLuIAAAAG"]
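
Added example, not part of the original post: one way to verify a block from the Apache error log is to summarise which clients ModSecurity is still logging and test a list of supposedly blocked addresses against it. The log text is a constructed sample shortened from the lines above (192.0.2.10 and 203.0.113.7 are documentation addresses), and the function names `modsec_hits` and `still_seen` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): summarise ModSecurity entries per
# client so a block can be checked against the Apache error log.
# LOG is a constructed sample in the format of the lines quoted above.

LOG='[Sun Jan 25 00:17:29 2009] [error] [client 198.186.193.54] ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [uri "/"]
[Sun Jan 25 00:17:29 2009] [error] [client 198.186.193.54] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [id "960009"] [msg "Request Missing a User Agent Header"] [uri "/"]
[Sun Jan 25 00:20:02 2009] [error] [client 192.0.2.10] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [id "960009"] [msg "Request Missing a User Agent Header"] [uri "/"]'

# modsec_hits LOGTEXT [IP]: print "count client rule-id message" for each
# client/rule pair, optionally limited to one client address.
modsec_hits() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /ModSecurity:/ {
            client = id = msg = ""
            if (match($0, /\[client [0-9a-fA-F.:]+\]/)) client = substr($0, RSTART + 8, RLENGTH - 9)
            if (match($0, /\[id "[0-9]+"\]/))           id = substr($0, RSTART + 5, RLENGTH - 7)
            if (match($0, /\[msg "[^"]+"\]/))           msg = substr($0, RSTART + 6, RLENGTH - 8)
            if (client == "" || (want != "" && client != want)) next
            n[client " " id " " msg]++
        }
        END { for (k in n) print n[k], k }' | LC_ALL=C sort -k2,2 -k3,3
}

# still_seen LOGTEXT IP...: print each supposedly blocked IP that still has
# ModSecurity entries in LOGTEXT; returns 1 if any do.
still_seen() {
    log=$1; shift
    rc=0
    for ip in "$@"; do
        if [ -n "$(modsec_hits "$log" "$ip")" ]; then
            printf '%s\n' "$ip"
            rc=1
        fi
    done
    return $rc
}

modsec_hits "$LOG"
still_seen "$LOG" 198.186.193.54 203.0.113.7 || echo "blocked address still logged" >&2
```

Entries dated before the block was put in place are expected, so feed the functions only the part of the log written after the block was added.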

#6
26th January 2009, 12:44
falko

What's the output of
Code:
route -nee
?

#7
26th January 2009, 14:56
papokergod

Segmentation fault

#8
27th January 2009, 11:08
till

Is this a physical server or vserver?

#9
27th January 2009, 14:09
papokergod

Fedora 10 server setup using the perfect setup, physical server

#10
27th January 2009, 18:31
falko

Quote:
Originally Posted by papokergod
Segmentation fault

Do you still see this after a reboot (without the route command in rc.local)?