iptables -A INPUT -s {IP-HERE} -j LOG --log-prefix "iptables: "
iptables -A INPUT -s {IP-HERE} -j DROP
iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "iptables: "
/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP
How Do I Delete Blocked IP Address?
iptables -L INPUT -n --line-numbers
iptables -D INPUT 3
How Do I Block Subnet (xx.yy.zz.ww/ss)?
Use the following syntax to block 10.0.0.0/8 on the public interface eth1:
# /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP
Block Outgoing Request From LAN IP 192.168.1.200?
Use the following syntax:
# /sbin/iptables -A OUTPUT -s 192.168.1.200 -j DROP
# /sbin/service iptables save
http://blog.shadypixel.com/log-iptables-messages-to-a-separate-file-with-rsyslog/
The first thing to do is modify your iptables script or rule entries for logging to look something like the following. Mileage may vary depending on what you want to do, so validate your options first:
-A INPUT -j LOGDROP
-A LOGDROP -p tcp -j LOG --log-prefix "iptables: "
-A LOGDROP -p udp -j LOG --log-prefix "iptables: "
-A LOGDROP -p icmp -j LOG --log-prefix "iptables: "
Note: My entries are for dropping packets; you do not have to drop packets to log them. Just keep that in mind while creating your own entries.
The key piece is the prefix, which lets rsyslog filter on those log entries. With the prefix known, we can add an iptables configuration file to the /etc/rsyslog.d directory.
vim /etc/rsyslog.d/iptables.conf
Add the following text (or modify to suit your setup):
:msg, startswith, "iptables: " -/var/log/iptables.log
& ~
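Once prefixed entries land in their own file, the same prefix makes them easy to summarise. The script below is an added example, not part of the original notes: it counts logged packets per source, protocol and destination port. The function names and sample lines are constructed for illustration, and it tolerates a kernel timestamp in front of the prefix, which some systems emit.

```shell
#!/bin/sh
# Added example: summarise packets logged with the "iptables: " prefix as
# "count source protocol destination-port", busiest first.
summarize_iptables_log() {
    awk '
    # A kernel timestamp like "[12345.678901] " may precede the prefix,
    # so match it anywhere in the line rather than at a fixed offset.
    /iptables: / {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^SRC=/)   src   = substr($i, 5)
            if (proto == "" && $i ~ /^PROTO=/) proto = substr($i, 7)
            if (dpt == ""   && $i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next        # prefix present but not a LOG-target line
        if (dpt == "") dpt = "-"   # ICMP carries no destination port
        count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, shortened field list).
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 fw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=22 SYN
Jan 10 10:00:02 fw kernel: [12345.678901] iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 10 10:00:03 fw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 10 10:00:04 fw kernel: iptables: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53
Jan 10 10:00:05 fw kernel: iptables: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jan 10 10:00:06 fw sshd[812]: Connection closed by 203.0.113.7 port 40003
EOF
}

# With no file argument the function reads standard input.
sample_log | summarize_iptables_log
```

To run it against the file the rsyslog rule writes, call summarize_iptables_log /var/log/iptables.log.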
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP