How to Block an IP Address Using Firestarter

Posted on Posted in General IT Info, Information Security

Firestarter is a GNOME program which offers a GUI interface to the IP Tables firewall.

If you have Firestarter configured to allow all IPs addresses to all ports or a particular port on your server, you can’t block a specific IP from accessing those ports using the GUI interface. However, Firestarter does allow you to manually specify IP Tables rules to either load up BEFORE or AFTER the Firestarter firewall rules by editing configuration files. On CentOS 5, the file to put the rules you want to load before Firestarter’s rules is /etc/firestarter/user-pre. For rules you want to load after Firestarter loads its firewall rules, edit the file /etc/firestarter/user-post. When you add your rules, instead of using the command “iptables” you need to use the variable name “$IPT” instead. To block an IP address from accessing any of your ports, you will need to add the IP Tables rule to the user-post file.

For example, say you want to block the IP address 123.11.112.1 from accessing your server on any port. The normal IPTables rules for this is:

iptables -I INPUT -s 123.11.112.1 -j DROP

To make this rule work with Firestarter, add the following line to the /etc/firestarter/user-post file:

$IPT -I INPUT -s 123.11.112.1 -j DROP

After you edit the user-pre or user-post files, you have to restart the Firestarter service to put them into effect. On CentOS 5 you can run the following terminal command to restart the Firestarter service:

service firestarter restart

Firewall Hole

Leave a Reply

Your email address will not be published. Required fields are marked *