On 1/31/06, Preston Crawford <preston.crawford@gmail.com> wrote:
> Is there an easy way to reject all incoming packets except those that come from certain IPs? I can't find any way via iptables or via the GUI provided with CentOS (or another GUI for CentOS) without having to resort to Shorewall. It's fine if the answer is "go with Shorewall". I just didn't want to have to become a Shorewall expert for this really small task.
>
> Any help/advice on this is appreciated. Am I missing an easier way?
>
> Preston

If the only thing you want to do is filter a limited number of IPs, Troy's example will work great. But if you want other features in an easy-to-manage package, it might be worth checking out APF at:

http://www.rfxnetworks.com/apf.php

I have been using it for a while... it has a lot of nice features (rate limiting of some traffic, logging, etc.) and makes it really easy to manage allow lists, block lists, and multiple IP addresses on the box.

I'm not aware of an RPM-based version, but the tarball install sticks everything in /etc/apf, so it's easy to remove if you want to.

Take care,
K
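
The default-drop allow list asked about at the top of the thread, written as a plain iptables-restore ruleset. This is an added example, not code from the thread or from APF; the function names and the RFC 5737 documentation addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset that drops all inbound
# traffic except from an allow list. Nothing here touches the live firewall;
# the ruleset is only printed.

# Constructed sample addresses (RFC 5737 documentation ranges).
ALLOWED_SOURCES="192.0.2.10 198.51.100.0/24"

# is_valid_source ADDR: shape check for IPv4 or IPv4/prefix. It does not
# range-check octets; iptables-restore rejects out-of-range values itself.
is_valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# build_ruleset "ADDR ADDR ...": print the ruleset on stdout.
# Every entry is validated before anything is printed, so a bad entry
# yields no output and a non-zero status instead of a partial ruleset.
build_ruleset() {
    for src in $1; do
        is_valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default policy: drop inbound
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT' # keep loopback working
    # Let replies to connections this host opened back in. Newer systems
    # spell this "-m conntrack --ctstate ESTABLISHED,RELATED".
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for src in $1; do
        echo "-A INPUT -s $src -j ACCEPT"
    done
    echo 'COMMIT'
}

# Apply as root only if generation succeeded (path is illustrative):
#   build_ruleset "$ALLOWED_SOURCES" > /root/allow.rules &&
#       iptables-restore < /root/allow.rules
```

Make sure the address you administer the box from is in the list before loading it over SSH; iptables-restore swaps in the whole filter table at COMMIT, so a missing entry takes effect for new connections immediately.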