Where is IPTables

dknelson

New Member
A while back, I had somebody do some "optimizing" on my server. It turned out that I chose the wrong person and had to remove most of his changes. One thing that he did was add some IPs to the IPTAbles to block the Yahoo Slurp spiders because he said that I was getting way too many. He may be right but since he has done that, my site has fallen WAY down on Yahoo. I used to come up on the first page with our main keywords and now haven't even found us.

My question is, where do I find IPTABLES so that I can look at it and see what he has added. I know that I can flush it using ssh but I'm not sure I want to do that before knowing what is there.
 
Hello dknelson,

When I'm looking for information on a command I will start by going to Linux.about.com and run a search on the command I'm looking for. Google is also a great help too of course. And then of course there is always help (in ssh iptables --help) and the man page (in ssh man iptables).

In SSH if you run iptables -L -n |more I believe you find what's been added at the very top of the list looking something like this
Code:
DROP       all  --  76.16.30.40          0.0.0.0/0
And it looks as though to remove an address it's iptables -D INPUT -s x.x.x.x -j DROP.

Hope that helps
 
Dan,
Thank you very much for your response. Your first command worked in that I was able to list the dropped IPs.

Your second command though does not work, the one to remove an IP from the list. I've tried searching the site and the help files but I am just too new to this.

Can somebody please help me with the command to remove IP addresses from the IPTABLES?
 
Hello dknelson,

Did you receive an error when you ran the command?

Is it possible that you have APF installed? Do "which apf" and if you receive a path then you do have it. If you do then it's possible that the IPs are in the /etc/apf/deny_hosts.rules file.
 
When I run iptables -L -n |more I get a list like:

root@host [~]# iptables -L -n |more
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 67.195.54.0/24 0.0.0.0/0
DROP tcp -- 67.195.52.0/24 0.0.0.0/0
DROP tcp -- 67.195.51.0/24 0.0.0.0/0
DROP tcp -- 74.6.0.0/16 0.0.0.0/0
acctboth all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 68.248.1.83 0.0.0.0/0

When I run iptables -D INPUT -s 67.195.54.0/24 -j DROP, I get this:
root@host [~]# iptables -D INPUT -s 67.195.54.0/24 -j DROP
iptables: Bad rule (does a matching rule exist in that chain?)
 
Iptables is looking for the rule number rather than the IP address.

Try "iptables -D INPUT x" where x is the rule number you want to remove. The rules are numbered sequentially from the top.

Again though if you have APF then the next time your server restarts or the service is restarted it will reload the /etc/apf/deny_hosts.rules file.
 
Top