matt621 (Well-Known Member, Jun 25, 2003):
I've been using IP tables to block IPs using the following:

iptables -I INPUT 1 -s 123.456.789.123 -j DROP
/etc/rc.d/init.d/iptables save
/etc/rc.d/init.d/iptables restart
/etc/rc.d/init.d/httpd start

adding them one at a time as I find a problem.

This is on the old server. I want to get a list of all those I've added so I can add them to the new server. How would I do that?

Thank you.

chirpy (Well-Known Member, Verified Vendor, Jun 15, 2002):
The file should be saved to:
/etc/sysconfig/iptables

Or, you can list your IP tables rules and probably find them there:

iptables -L -n

matt621 (Well-Known Member, Jun 25, 2003):
When I do:

iptables -L -n

I get:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[[email protected] root]#


If I view the file /etc/sysconfig/iptables
it only shows like 5 IPs. I know I added dozens of them.

chirpy (Well-Known Member, Verified Vendor, Jun 15, 2002):
Looks like you might have lost them between reboots :(

If you're lucky you might have them in your bash history:

grep iptables /root/.bash_history
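An added example, not code from the thread: a small script that replays the iptables commands found in root's bash history (chirpy's suggestion above) and prints the source addresses that were still blocked at the end, so they can be carried to the new server in one go rather than re-typed from memory. The history lines and addresses are constructed samples in documentation ranges; on a real box you would feed it the output of grep iptables /root/.bash_history. The -D handling is the part worth noticing: a DROP that was later deleted is not carried over.

```shell
#!/bin/sh
# Added example, not code from the thread. Replays the iptables commands recorded in
# a bash history and prints the source addresses that were still blocked at the end.
# Usage against a real server: blocked_ips "$(grep iptables /root/.bash_history)"

# Constructed sample history (documentation-range IPs), standing in for the output of
# grep iptables /root/.bash_history. Note the repeated add and the later delete.
SAMPLE_HISTORY='iptables -I INPUT 1 -s 203.0.113.10 -j DROP
/etc/rc.d/init.d/iptables save
iptables -A INPUT -s 198.51.100.7 -j DROP
iptables -L -n
iptables -I INPUT 1 -s 203.0.113.10 -j DROP
iptables -I INPUT 1 -s 192.0.2.55 -j DROP
iptables -D INPUT -s 198.51.100.7 -j DROP'

# blocked_ips HISTORY_TEXT
# Prints one IP per line, in order of first appearance. -A and -I add an address to the
# set, -D removes it again, so a block that was later lifted is not carried over.
blocked_ips() {
    printf '%s\n' "$1" | awk '
        /^iptables / && /-j DROP/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "-s") ip = $(i + 1)
            if (ip == "") next
            if ($2 == "-A" || $2 == "-I") {
                if (!(ip in pos)) { pos[ip] = ++n; order[n] = ip }
                active[ip] = 1
            } else if ($2 == "-D") {
                active[ip] = 0
            }
        }
        END { for (i = 1; i <= n; i++) if (active[order[i]]) print order[i] }'
}

# save_lines HISTORY_TEXT
# The same addresses as rule lines in the format iptables-save uses, i.e. what goes
# into /etc/sysconfig/iptables on the new server, placed before any ACCEPT rules.
save_lines() {
    blocked_ips "$1" | awk '{ print "-A INPUT -s " $1 " -j DROP" }'
}

echo "Still blocked at the end of the history:"
blocked_ips "$SAMPLE_HISTORY"
echo
echo "Lines for /etc/sysconfig/iptables on the new server:"
save_lines "$SAMPLE_HISTORY"
```

Bash writes its history file when the interactive shell exits, so commands typed in a session that was killed or in a non-interactive script never reach it, and HISTSIZE trims old entries. Treat the recovered list as best effort and compare it with what iptables-save prints on the old server (same format as /etc/sysconfig/iptables) before relying on it.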
 

matt621 (Well-Known Member, Jun 25, 2003):
Good call on the bash history.

Now I noticed this:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
iptables -I INPUT 1 -s yyy.yyy.yyy.yyy -j DROP

What's the difference between -A and -I?

Also, can I just cut and paste these into the iptables file in sysconfig and reboot, and that's all I need to do? That sure would be easier.

Thanks again for the help.

bking (Well-Known Member, Mar 1, 2004):
Originally posted by matt621:
What's the difference between -A and -I?
Also, can I just cut and paste these into the iptables file in sysconfig and reboot, and that's all I need to do?
-A adds the rule to the end of the table.
-I inserts it at the top, or if given a number, it will insert the rule at that line number.
You should be able to paste them in, but remember that order matters!! So make sure they are in the right spot (see the above for the -A/-I differences). No use having the rules after an ACCEPT rule that makes a match before it gets to the DROP.
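To make bking's ordering point concrete, here is an added example (not from the thread) with two constructed rule sets in the format /etc/sysconfig/iptables uses: the same DROP once appended with -A after a broad ACCEPT, and once sitting where -I INPUT 1 would put it. verdict() is a toy first-match evaluator that only understands -s, -p and --dport and otherwise falls back to the chain policy (real iptables has many more match options); drops_first() rewrites a saved rule set so every DROP line in INPUT comes before the other rules. Addresses are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: a tiny first-match simulator for the INPUT
# chain, used to show why the position of a DROP rule (-A vs -I) decides whether it fires.

# Constructed rule set in iptables-save format. A blanket ACCEPT for port 80 is first;
# the DROP for 203.0.113.10 was appended afterwards with -A.
APPENDED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -s 203.0.113.10 -j DROP
COMMIT'

# The same rules with the DROP at the top, as iptables -I INPUT 1 ... would place it.
INSERTED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10 -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT'

# verdict RULES SRC_IP PROTO DPORT
# Walks the INPUT rules top to bottom and prints the target of the first rule whose
# -s / -p / --dport options all match; an option a rule omits matches anything.
# Prints the chain policy when no rule matches. Only these three matches are modelled.
verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v proto="$3" -v dport="$4" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            ok = 1
            for (i = 1; i <= NF; i++) {
                if ($i == "-s" && $(i + 1) != src) ok = 0
                if ($i == "-p" && $(i + 1) != proto) ok = 0
                if ($i == "--dport" && $(i + 1) != dport) ok = 0
                if ($i == "-j") target = $(i + 1)
            }
            if (ok) { print target; found = 1; exit }
        }
        END { if (!found) print policy }'
}

# drops_first RULES
# Rewrites an iptables-save block so every "-A INPUT ... -j DROP" line comes before the
# other INPUT rules; header lines and COMMIT are copied through unchanged.
drops_first() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT / { if ($0 ~ /-j DROP/) drop[++d] = $0; else keep[++k] = $0; next }
        /^COMMIT/ {
            for (i = 1; i <= d; i++) print drop[i]
            for (i = 1; i <= k; i++) print keep[i]
        }
        { print }'
}

echo "Blocked host to port 80, DROP appended after the ACCEPT: $(verdict "$APPENDED" 203.0.113.10 tcp 80)"
echo "Blocked host to port 80, DROP inserted at the top:      $(verdict "$INSERTED" 203.0.113.10 tcp 80)"
echo "Blocked host to port 22, DROP appended (no ACCEPT hit): $(verdict "$APPENDED" 203.0.113.10 tcp 22)"
echo "Other host to port 80, DROP inserted at the top:        $(verdict "$INSERTED" 198.51.100.7 tcp 80)"
echo
echo "Appended rule set after drops_first:"
drops_first "$APPENDED"
```

The first two lines of output are the whole point: with the DROP appended, the blocked host is still ACCEPTed on port 80 because the ACCEPT matched first, while the inserted version DROPs it. Running drops_first over a pasted /etc/sysconfig/iptables (or over the lines recovered from history) is one way to make sure the blocks land ahead of the ACCEPTs before the file is loaded on the new server.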