iptables -A INPUT -p tcp --source ip_a_bannir --dport 22 -j DROP
iptables -L
 iptables -D INPUT -p tcp --source ip_a_deban --dport 22 -j DROP
 iptables -D INPUT -s 25.55.55.55 -j DROP

Unban erreur32

 iptables -D INPUT -s 192.68.1.15 -j DROP

iptables -D INPUT -p all -s dns2.zrh.server.colt.net -j DROP


 iptables-save 

Tip: put this in a cron job ;)

 iptables-save > /etc/firewall.conf

Other commands

 iptables restart

Debian does not provide an initscript for iptables by default.

This does however not mean that it is impossible to get firewall rules to survive a reboot.

Actually the Debian way is logical and works very well. First create some iptables rules and list them:

 iptables --list

If the listed rules satisfy your needs, save them somewhere. I use /etc/firewall.conf, but this location is not fixed:

iptables-save > /etc/firewall.conf

Then create a script so ifupdown loads these rules on boot:

 # single quotes: an interactive bash attempts history expansion on "!" inside double quotes
 echo '#!/bin/sh' > /etc/network/if-up.d/iptables
 echo 'iptables-restore < /etc/firewall.conf' >> /etc/network/if-up.d/iptables
 chmod +x /etc/network/if-up.d/iptables

Now reboot your machine and pray - the rules should come up exactly like before (use "iptables --list" to verify this).


Log in to your server as root and type

nano /etc/hosts.deny

Remove the IP from the list, then save and exit.

Alternatively, flush the iptables rules with the command below. This deletes every rule in the filter table, not only the ban:

 iptables -F

Drop HTTP requests that carry the w00tw00t.at.ISC.SANS scanner probe string:

 iptables -I INPUT -p tcp --dport 80 -m string --to 70 --algo bm --string 'GET /w00tw00t.at.ISC.SANS.' -j DROP

 Chain fail2ban-ssh (1 references)
 target     prot opt source               destination
 DROP       0    --  61.236.117.xxx       anywhere
 DROP       0    --  61.236.117.yyy       anywhere
 RETURN     0    --  anywhere             anywhere

To remove a ban from this chain, execute the following command, where <linenum> is the position of the rule in the chain:

iptables -D fail2ban-ssh <linenum>

For example, to unban 61.236.117.yyy (the second rule in the chain above), use:

 iptables -D fail2ban-ssh 2
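
Deleting by line number is easy to get wrong when an address appears more than once, because every deletion renumbers the rules after it. The script below is an added example, not part of the original notes: it reads the output of "iptables -L fail2ban-ssh -n --line-numbers" and prints the matching delete commands, highest rule number first. The function names and the sample listing (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a banned source address to its rule number(s) in a chain.
# Input is the text printed by: iptables -L fail2ban-ssh -n --line-numbers

# Constructed sample listing (documentation addresses, not real hosts).
sample_listing() {
cat <<'EOF'
Chain fail2ban-ssh (1 references)
num  target     prot opt source               destination
1    DROP       all  --  192.0.2.10           0.0.0.0/0
2    DROP       all  --  198.51.100.7         0.0.0.0/0
3    DROP       all  --  192.0.2.10           0.0.0.0/0
4    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Print the numbers of DROP rules whose source is exactly $1, highest first.
# Exact field comparison keeps 192.0.2.1 from matching 192.0.2.10.
# Highest first matters: deleting rule 1 renumbers every rule after it,
# so deleting in ascending order would remove the wrong rules.
rule_numbers_for_ip() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == ip { print $1 }' |
        sort -rn
}

# Print (do not run) the delete commands for chain $1 and address $2.
# The listing is read from standard input.
unban_commands() {
    for n in $(rule_numbers_for_ip "$2"); do
        echo "iptables -D $1 $n"
    done
}

# Demonstration on the constructed listing; prints:
#   iptables -D fail2ban-ssh 3
#   iptables -D fail2ban-ssh 1
sample_listing | unban_commands fail2ban-ssh 192.0.2.10
```

On a live system, replace sample_listing with the real listing command and review the printed commands before running them as root.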