Blocking an IP address

[cloverm]

My server is getting scanned from a particular IP address on a regular basis. What would be the simplest way for me to completely block this IP address from my box?

[civ1492]

IPTABLES -A INPUT-p all -s <ip adress> -j drop
... but im not really sure thats just from memory

[cloverm]

Thanks ch-b. When I try to run iptables, I get this error:

/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed

How can ip_tables be busy? How can I make it "unbusy"?

[civ1492]

Maybe you already insterted it, i never used iptables with modules always compiled it into the kernel .. so i cant help you there ..
But very strange that iptables is busy ..

[Feztaa]

Are you running this as root?

[Compunuts]

May be /etc/host.deny ??

[boblucci]

May be /etc/host.deny ??

Yea cant you just put the ip in that file?

Worked for me! :-/

[gorn]

host.deny will only do inetd


umm cloverm do you have the ipchains or ipfwadminorwhatevertheycalledit module loaded? lsmod

if you have ipchans of ipfw it wont let you use iptables, only one at a time.

the ipchains version is ipchains -a input -s foo -j deny i think

[popcorn]

I've done a little digging, and all I can find are people suggesting rmmod iptables and reinstalling it.

Seems a little drastic, but if you can't find anything else to try it might be worth a shot.

HTH

Code:

block in quick log on $ExtIf from $Stupid_IP to any

pf rules!