solokron
May 29 2004, 07:21 PM
I have...
`DROP all -- 221.0.0.0/8 0.0.0.0/0`
listed in my iptables. This blocks out a large portion of China. I have a customer that communicates with a developer in China. How can I add his IP without disturbing the existing drop rule?
I am using APF and it does not have this iptables rule in the deny list. I suspect it is pulling it from DShield.org.
I have added it to the allow list in APF.
Azhrarn
Jun 2 2004, 05:12 AM
Well, I don't know how APF does things, but iptables goes in order of the rules added.
So if you added a specific allow rule before the drop rules then the person would be allowed through. If it gets entered after the DROP rule, then it will never get that far.
Looking at `iptables -L` will show you the order of the rules. You can move them around and insert rules at arbitrary positions, but if APF rewrites them, then you will have to keep modding it, or modify it to do explicit allows before explicit drops.
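An added example, not from Azhrarn, APF or the original thread, that makes the ordering point concrete in shell. The first part is the iptables change itself (insert the ACCEPT at position 1 so it sits above the /8 DROP, then list the chain with line numbers to check); the second part is a small pure-shell model of first-match evaluation so the effect of appending versus inserting can be seen without touching a live firewall. The 221.0.0.0/8 DROP is the rule from the thread; the developer's address 221.0.2.3 is an assumed placeholder.

```shell
#!/bin/sh
# Added example (not from the original thread or from APF). Demonstrates that
# iptables stops at the first matching rule, so an ACCEPT for one host only
# works if it sits above the 221.0.0.0/8 DROP. 221.0.2.3 is an assumed
# placeholder for the developer's address.

# --- Part 1: the real change, for a live box ----------------------------
allow_before_drop() {
    # "-I INPUT 1" inserts at position 1 (above the DROP).
    # "-A INPUT" would append below it and the rule would never be reached.
    iptables -I INPUT 1 -s "$1" -j ACCEPT
    # Verify: the ACCEPT line number must be lower than the DROP line number.
    iptables -L INPUT -n --line-numbers
}

# --- Part 2: pure-shell model of first-match evaluation -----------------
ip_to_int() {                       # "a.b.c.d" -> 32-bit integer
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_match() {                      # cidr_match IP NET/BITS  (bare IP = /32)
    net=${2%/*}; bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    a=$(ip_to_int "$1"); n=$(ip_to_int "$net")
    [ $(( a & mask )) -eq $(( n & mask )) ]
}

# first_match SRC_IP RULES [POLICY]: RULES is one "VERDICT SRC" per line, in
# chain order; the first matching rule wins, otherwise the chain policy applies.
first_match() {
    ip=$1; policy=${3:-ACCEPT}
    verdict=$(printf '%s\n' "$2" | while read -r action src; do
        if [ -n "$action" ] && cidr_match "$ip" "$src"; then
            echo "$action"; break
        fi
    done)
    echo "${verdict:-$policy}"
}

DEV_IP=221.0.2.3                    # assumed placeholder

# Allow appended AFTER the drop (what "iptables -A" gives you): never reached.
RULES_APPENDED="DROP 221.0.0.0/8
ACCEPT $DEV_IP"

# Allow inserted BEFORE the drop ("iptables -I INPUT 1"): works.
RULES_INSERTED="ACCEPT $DEV_IP
DROP 221.0.0.0/8"

verdict_appended()    { first_match "$DEV_IP" "$RULES_APPENDED"; }
verdict_inserted()    { first_match "$DEV_IP" "$RULES_INSERTED"; }
verdict_other_china() { first_match 221.5.6.7 "$RULES_INSERTED"; }   # still DROP
verdict_elsewhere()   { first_match 8.8.8.8   "$RULES_INSERTED"; }   # policy: ACCEPT

echo "developer, ACCEPT appended after DROP : $(verdict_appended)"
echo "developer, ACCEPT inserted before DROP: $(verdict_inserted)"
echo "other 221.x host, ACCEPT inserted     : $(verdict_other_china)"
echo "8.8.8.8, ACCEPT inserted              : $(verdict_elsewhere)"

# Only touch the live firewall when explicitly asked and running as root.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" = 0 ]; then
    allow_before_drop "$DEV_IP"
fi
```

On a real box the check after inserting is `iptables -L INPUT -n --line-numbers`: the ACCEPT for the developer's host must show a lower line number than the 221.0.0.0/8 DROP, and the rest of 221.0.0.0/8 stays dropped. If APF regenerates the chains, a manual insert is lost on the next reload, which is why it is worth confirming that APF's own allow list ends up above the DShield-derived drops rather than below them.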
TheLinuxGuy
Jun 2 2004, 08:19 AM
`/etc/apf/apf -a ip`
I think that's the allow command.