
I have a Linux server which is compromised; I can see nasty-looking Perl scripts executing with root privileges. I want to get some data off it before I wipe it. How can I block all inbound and outbound traffic except for my IP? It's a CentOS server; I assume I can do this with iptables?

I'm aware that, as the server is rooted, there is a possibility that attackers could have made changes on the server that would prevent this from working. I'll be testing to make sure, and will only have the server online for a couple of hours before it is nuked.

asked by ollybee (edited by Shane Madden)

1 Answer


Replace X.X.X.X with your IP address and this should work:

# -I inserts each rule at the top of its chain, so it is evaluated before any rule already present.
# Inbound: silently drop every packet that is not from your address.
iptables -I INPUT ! -s X.X.X.X -j DROP
# Outbound: reject (immediate error to the local process) everything not destined for your address.
# Note this also blocks loopback traffic, since 127.0.0.1 is not X.X.X.X.
iptables -I OUTPUT ! -d X.X.X.X -j REJECT
# Nothing gets routed through the box at all.
iptables -I FORWARD -j DROP
answered by fukawi2
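The procedure in the answer above, carried a little further as an added example (this is not the answerer's code or anything from the original page). It generates the full rule set for locking a rooted host down to a single admin address: loopback stays open so local tools keep working, the admin address is accepted, an explicit catch-all DROP/REJECT is inserted at position 3 so any ACCEPT rules the intruder may have left lower in the chain become unreachable, and the chain policies are set to DROP as a second layer. The address is validated before anything is emitted so a typo cannot produce `iptables -I INPUT 2 -s  -j ACCEPT` and lock you out. Assumptions: the legacy `iptables` CLI found on CentOS, IPv4 only, root privileges for `--apply`, and the hypothetical admin address 203.0.113.10 (an RFC 5737 documentation address) in the usage notes. The rule generator is pure shell and can be inspected with `--print` before `--apply` is ever run.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) an iptables lockdown that
# allows only one admin IPv4 address, plus loopback. Not from the original answer.
# Assumes the legacy iptables CLI on CentOS and root for --apply.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    addr="$1"
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit/dot chars, leading/trailing dot, empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr                            # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print, one per line, the iptables commands that lock the host down to $1.
# Nothing is executed here; the caller decides whether to run them.
lockdown_rules() {
    ip="$1"
    if ! valid_ipv4 "$ip"; then
        echo "lockdown_rules: '$ip' is not an IPv4 address, refusing to emit rules" >&2
        return 1
    fi
    # Explicit positions: lo first, admin second, catch-all third. Anything the
    # intruder left in the chain is pushed below the catch-all and never reached.
    cat <<EOF
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I INPUT 2 -s $ip -j ACCEPT
iptables -I INPUT 3 -j DROP
iptables -I OUTPUT 1 -o lo -j ACCEPT
iptables -I OUTPUT 2 -d $ip -j ACCEPT
iptables -I OUTPUT 3 -j REJECT
iptables -I FORWARD 1 -j DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
EOF
}

# Run the generated commands, stopping at the first failure, then show the
# resulting chains so you can confirm your rules sit at the top of each one.
apply_lockdown() {
    lockdown_rules "$1" > /dev/null || return 1
    lockdown_rules "$1" | sh -ex || return 1
    iptables -S INPUT
    iptables -S OUTPUT
    iptables -S FORWARD
}

# Usage (hypothetical admin address):
#   sh lockdown.sh --print 203.0.113.10    # review the rules, nothing is changed
#   sh lockdown.sh --apply 203.0.113.10    # apply them (root), from a session originating at that IP
case "${1:-}" in
    --print) lockdown_rules "$2" ;;
    --apply) apply_lockdown "$2" ;;
esac
```

Apply this from an SSH session that comes from the admin address itself, so the session survives (the `-s`/`-d` ACCEPT rules cover it in both directions). Then, because the host is rooted and its own `iptables -S` output is only as trustworthy as the box, confirm the lockdown from a second machine that is not the admin address: a port scan or a plain `nc` connect attempt to the server should time out, and the server itself should be unable to reach anything but you. If that outside check passes, pull the data off and wipe the machine as planned.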