Tag Archives: ip

A simple iptables firewall script to block all ports except port 80 and give port 22 to certain IPs

This simple script is very useful and covers the basics of what you can do with the Linux iptables firewall.

Make a file:

pico /root/firewall.sh

Paste the rules below and replace the IP addresses with your own.

#!/bin/sh
iptables -P FORWARD DROP # we aren't a router
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT # always allow loopback
iptables -A INPUT -s 213.191.173.114 -j ACCEPT # trusted host: all ports, including SSH (22)
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT # trusted LAN: all ports, including SSH (22)
iptables -P INPUT DROP # Drop everything we don't accept
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # HTTP is open to everyone

Make it executable, by root only:

chmod 700 /root/firewall.sh

And run the script.

/root/firewall.sh

This was tested on Ubuntu 17.04. If the iptables command is not found, try calling it by its full path, /sbin/iptables.
You can list all the active iptables rules with the command:

iptables -nL
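
The rules above accept every port from the trusted sources, and running the script a second time appends the same rules again. The following added example, which is not part of the original post, generates a ruleset for iptables-restore that limits the trusted sources to TCP port 22 and is loaded in one step, replacing the existing filter table. The function names and the /root/rules.v4 path are assumptions; the sample addresses are the ones from the script above.

```shell
#!/bin/sh
# Added example (not from the original post): build an iptables-restore
# ruleset that limits SSH (tcp/22) to trusted sources and opens tcp/80
# to everyone. Function names are hypothetical.

# is_ipv4_cidr ADDR -> exit 0 if ADDR looks like a.b.c.d or a.b.c.d/len
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq \
        '^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'
}

# build_ruleset SRC... -> prints the ruleset; returns 1 on a bad source,
# so a malformed value never ends up inside a rule line.
build_ruleset() {
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # drop everything we don't accept
    echo ':FORWARD DROP [0:0]'    # we aren't a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -m state --state INVALID -j DROP'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -i lo -j ACCEPT'
    for src in "$@"; do
        # trusted sources get SSH only, not every port
        echo "-A INPUT -s $src -p tcp --dport 22 -j ACCEPT"
    done
    echo '-A INPUT -p tcp --dport 80 -j ACCEPT'
    echo 'COMMIT'
}

# Typical use as root (left commented so the block runs without privileges):
#   build_ruleset 213.191.173.114 192.168.1.0/24 > /root/rules.v4
#   iptables-restore --test < /root/rules.v4 && iptables-restore < /root/rules.v4
```

The --test run parses the file without committing it, so a mistake in the ruleset is caught before it can cut off an active SSH session.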

How to block ip addresses and protect files and folders with apache and .htaccess in ubuntu?

In this tutorial we are going to create a block list for our website so that IP addresses that we know are bad can’t connect to our server. We are also going to protect files that we don’t want other people to open online.

First we edit 000-default.conf and make the needed changes:

pico /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>

    ServerName www.webleit.info
    ServerAdmin your@mail.com
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Now we have to create a .htaccess file and list the IP addresses to block and the files to protect:

order allow,deny
deny from 91.247.38.54
deny from 91.247.38.55
deny from 91.247.38.57
deny from 198.15.180.240
deny from 67.229.79.154
deny from 188.120.229.212
deny from 85.128.142.38
allow from all

# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>

# Protect functions.php
<Files functions.php>
Order Allow,Deny
Deny from all
</Files>

# Protect header.php
<Files header.php>
Order Allow,Deny
Deny from all
</Files>

# Protect footer.php
<Files footer.php>
Order Allow,Deny
Deny from all
</Files>

# Protect snowstorm.js
<Files snowstorm.js>
Order Allow,Deny
Deny from all
</Files>