[CentOS] Easy way to reject all incoming packets except from certain IPs?

Thu Feb 2 03:39:05 UTC 2006
hkclark at gmail.com <hkclark at gmail.com>

On 1/31/06, Preston Crawford <preston.crawford at gmail.com> wrote:
>
> Is there an easy way to reject all incoming packets except those that come
> from certain IPs? I can't find any way via iptables or via the GUI provided
> with CentOS (or another GUI for CentOS) without having to resort to
> Shorewall. It's fine if the answer is "go with Shorewall". I just didn't
> want to have to become a Shorewall expert for this really small task.
>
> Any help/advice on this is appreciated. Am I missing an easier way?
>
> Preston


If the only thing you want to do is filter a limited number of IPs, Troy's
example will work great.  But if you want other features in an
easy-to-manage package, it might be worth checking out APF at:

http://www.rfxnetworks.com/apf.php

I have been using it for a while... it has a lot of nice features (rate
limiting of some traffic, logging, etc.) and makes it really easy to manage
allow lists, block lists, and multiple IP addresses on the box.

I'm not aware of an RPM-based version, but the tarball install sticks
everything in /etc/apf, so it's easy to remove if you want to.

Take care,
K
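The allow-list the original question asks for, written as a plain iptables ruleset; this is an added example, not part of the thread, and it is neither Troy's example (not shown on this page) nor anything generated by APF. The function names, the FORWARD policy and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that drops all inbound
# traffic except from the source addresses given as arguments.
# Usage: gen_allowlist_rules 192.0.2.10 198.51.100.0/24 | iptables-restore --test

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; positional params are function-local
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset on stdout. Every address is validated before the first
# line is written, so a typo can never yield a half-built policy.
gen_allowlist_rules() {
    [ $# -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default: drop anything not matched below
    echo ':FORWARD DROP [0:0]'    # assumption: the host is not a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (DNS, updates) must still get in;
    # new inbound connections are only accepted from the listed sources.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -s $src -j ACCEPT"
    done
    echo 'COMMIT'
}
```

When applying this over SSH, make sure the address you are connecting from is in the list before loading the ruleset, since the DROP policy takes effect for every new connection.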