Tuesday, February 8, 2011

Block an IP Address on My Linux server

How Do I Block an IP Address on My Linux server?

How do I block an IP address or subnet under Linux operating system?

To block an IP address on your Linux server, use iptables (the administration tool for IPv4 packet filtering and NAT) together with the netfilter firewall. First log in to a shell as the root user, then type the iptables command as follows:

Syntax to block an IP address under Linux

For example, if you wish to block the IP address 65.55.44.100 for whatever reason, type the command as follows:

# iptables -A INPUT -s 65.55.44.100 -j DROP
If you have an iptables firewall script, add the above rule to your script.

If you just want to block access from the IP 65.55.44.100 to one port, port 25, type the command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
The above rule will drop all packets coming from IP 65.55.44.100 to the mail server port 25.

CentOS / RHEL / Fedora Block An IP And Save It To Config File
Type the following two commands:
# iptables -A INPUT -s 65.55.44.100 -j DROP
# service iptables save

How Do I Unblock An IP Address?
Use the following syntax (the -D option deletes the rule from the table):
# iptables -D INPUT -s xx.xxx.xx.xx -j DROP
# iptables -D INPUT -s 65.55.44.100 -j DROP
# service iptables save
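
The block and unblock commands above, wrapped in an added POSIX sh example (not from the original page) that validates the address first and checks for an existing rule, because repeating -A appends duplicate rules and -D removes only one matching rule per call. The function names and the IPTABLES override variable are assumptions made for this example, and it assumes an iptables version that supports -C.

```shell
# Added example: idempotent block/unblock helpers. IPTABLES may be overridden.
IPTABLES=${IPTABLES:-iptables}

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Run one iptables operation (-A, -C or -D) for source $2 and optional TCP port $3.
drop_rule() {
    if [ -n "${3:-}" ]; then
        "$IPTABLES" "$1" INPUT -s "$2" -p tcp --dport "$3" -j DROP
    else
        "$IPTABLES" "$1" INPUT -s "$2" -j DROP
    fi
}

# Reject anything that is not a plain address, or a port outside 1-65535.
check_args() {
    valid_ipv4_cidr "$1" || { echo "invalid address: $1" >&2; return 2; }
    [ -z "${2:-}" ] && return 0
    case $2 in *[!0-9]*|??????*) echo "invalid port: $2" >&2; return 2 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "invalid port: $2" >&2; return 2; }
}

block_ip() {
    check_args "$@" || return
    # -C exits 0 when an identical rule already exists, so do not append again.
    drop_rule -C "$@" 2>/dev/null || drop_rule -A "$@"
}

unblock_ip() {
    check_args "$@" || return
    # -D removes one matching rule per call; repeat until -C finds none.
    while drop_rule -C "$@" 2>/dev/null; do
        drop_rule -D "$@" || return 1
    done
}
```

Usage: `block_ip 65.55.44.100` or `block_ip 65.55.44.100 25`, then `service iptables save` as shown above to persist the change.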

Allow a specific port using iptables

/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# Save the settings
/etc/rc.d/init.d/iptables save
# Restart the firewall
/etc/init.d/iptables restart


Copy from internet

Sunday, February 6, 2011

Seizing operations master roles

1  cmd: ntdsutil
2  ntdsutil: roles
3  fsmo maintenance: connections
4  server connections: connect to server dc2.sayms.com
5  server connections: quit
6  fsmo maintenance: seize pdc

P.S.

seize schema master
seize domain naming master
seize RID master
seize infrastructure master

Upgrading an existing Windows 2000 or Server 2003 forest to Server 2008
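 1 . All Server 2000 domain controllers must be upgraded to SP4
 2 . The domain functional level must be Windows 2000 native mode
 3 . First locate the schema master and the infrastructure master
 4 . Start > Run, enter regsvr32 schmmgmt.dll, to find the schema master
 5 . In mmc, add the Active Directory Schema snap-in
 6 . The infrastructure master can be found in Active Directory Users and Computers
 7 . Insert the Server 2008 disc into the schema master
 8 . At the command prompt, enter the drive letter of the disc drive
 9 . cd \sources\adprep
 10 . adprep /forestprep    \\ C + Enter
 11 . Insert the Server 2008 disc into the infrastructure master
 12 . cd \sources\adprep
 13 . adprep /domainprep /gpprep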

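P.S. adprep /domainprep /gpprep copies the GPO permission settings in the SYSVOL folder to all other domain controllers. If the network has many domain controllers or many GPOs, this copy takes up considerable network bandwidth and affects network performance, so it is recommended to first run the command that does not copy the GPO permissions: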

 Step 1 adprep /domainprep
 Step 2 adprep /domainprep /gpprep

14   

Installing an additional domain controller from installation media


Creating the installation media
1 On one of the domain controllers, enter ntdsutil
2 Enter activate instance NTDS  // sets the AD database as the active instance
3 ntdsutil: ifm
4 ifm: create full c:\InstallationMedia
5 ifm: quit
6 ntdsutil: quit
7 Copy everything in the C:\InstallationMedia folder to a USB drive, a disc, or a shared drive

Creating the additional domain controller from the installation media

1 dcpromo.exe /ReplicationSourcePath:C:\InstallationMedia