How to block an IP using iptables
As a webmaster, you’re eventually going to deal with an abusive user (or several). It’s more or less an inevitable hurdle to doing business online. Maybe they’re spamming your comments section, flooding your server with requests, or harassing your other readers. Either way, you want to get them gone before they cause you any more of a headache than they already have.
Don’t worry. Provided you understand how iptables works, it’s actually fairly easy to do.
We’ll walk you through the process of how to block an IP address, as well as a few of the commands you’re going to want to use.
Let’s get started. Your first step is to log in to your web server either through your control console or through a secure connection. Make sure you’ve got root access – you’re going to need it.
How to block an IP address or IP range
We’ll start with a few of the basic commands.
First off, here’s how to prevent a specific IP address from accessing your server. Replace [IP] with the IP you actually want to block:
iptables -A INPUT -s [IP] -j DROP
If you’re looking to block a specific range of IP addresses, type in the following, replacing [START] and [END] with the endpoints of the range (via Chron):
iptables -A INPUT -m iprange --src-range [START]-[END] -j DROP
You can also block an entire subnet from accessing your website, giving [SUBNET ADDRESS] in CIDR notation:
iptables -A INPUT -i eth1 -s [SUBNET ADDRESS] -j DROP
Blocking a connection on a specific interface
Now, let’s say you only want to block a connection through a specific interface. In that case, the command will be as follows:
iptables -A INPUT -i [Interface Name] -s [IP] -j DROP
You can add a + to the end of the interface name to block any interface whose name begins with the characters you’ve entered.
How to block a port
If you want to block a connection on a specific port, then you’ll use the following command, which drops TCP traffic from the given address to port 25:
iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
Viewing IP Blocks
If at any time you want to view your list of blocked IP addresses, you can use either of the following:
iptables -L -v
/sbin/iptables -L INPUT -v
Removing IP Blocks
While viewing that list, you can delete specific entries by their line number. Use the following commands, in order: list the INPUT rules with line numbers, delete the rule on line [LINE], then list again to confirm it is gone.
iptables -L INPUT -n --line-numbers
iptables -D INPUT [LINE]
iptables -L INPUT -v -n
Of course, if you know which specific entry you want to be rid of, the following syntax will work just as well; the rule specification must match the one you added:
iptables -D INPUT -s 1.2.3.4 -j DROP
Assuming you want to log dropped address information, you can also turn on kernel logging with:
iptables -A INPUT -i eth1 -s [IP/SUBNET] -j LOG --log-prefix "IP DROP SPOOF A:"
LOG is a non-terminating target, so this rule must come before the DROP rule for the same address; otherwise the packet is dropped before it is ever logged.
Searching Blocked IPs
Next up, you can search your blocked IP addresses with:
iptables -L INPUT -v -n | grep [IP]
Saving Changes
Finally, in order to save the changes you’ve made to your iptables block list on CENTOS, RHEL, or Fedora, you’ll need to use the command service iptables save.
Additional Commands You Can Use To Block Traffic
The commands above form the basic framework of IP blocking within iptables, but they aren’t exactly comprehensive. If you really want to cut yourself off from an IP address, there are a few additional commands you’ll want to make yourself aware of. They are as follows:
- OUTPUT: Blocks outgoing traffic to the address, so your server cannot initiate connections to it. Syntax is iptables -A OUTPUT -d [IP] -j DROP
- FORWARD: Blocks all traffic from the address that your server would forward. Syntax is iptables -A FORWARD -s [IP] -j DROP
- tcp: Blocks only TCP connections from the address. Syntax is iptables -A INPUT -p tcp -s [IP] -j DROP
- icmp: Blocks ICMP from the address (ping-based port probing, for example). Syntax is iptables -A INPUT -p icmp -s [IP] -j DROP
Building Your iptables Block List
Now that you’ve been primed on the basics of iptables, you can create your own blacklist following these commands:
1. First, flush out all the old default rules and existing rules with the flush command:
iptables -F
2. Next, change your default chain policy with the following set of commands (if you are working over a remote session, first add an ACCEPT rule for your own management connection, or the DROP policy will cut you off):
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
3. Set up IP blocking as you see fit using the commands in the previous section.
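As an added example that is not part of the original article, the following POSIX shell script turns a block list into the three kinds of rules shown above (single IP, iprange, subnet), placing a LOG rule ahead of each DROP. The DRY_RUN and LOG_PREFIX variables, the function names and the sample addresses (RFC 5737 documentation ranges) are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: turn a block list (single IPs, CIDR
# subnets and START-END ranges) into iptables rules, a LOG rule before each DROP.
# DRY_RUN=1 prints the commands; run as root with DRY_RUN=0 to apply them. (assumed names)
DRY_RUN="${DRY_RUN:-1}"
LOG_PREFIX="${LOG_PREFIX:-BLOCKLIST:}"

# Validate a dotted-quad IPv4 address: exactly four numeric octets, each 0-255.
valid_ipv4() {
  case "$1" in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
  echo "$1" | awk -F. 'NF == 4 && $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 { ok = 1 } END { exit !ok }'
}

# Print or execute one command, depending on DRY_RUN.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Emit the LOG rule and then the DROP rule for one entry; returns 1 for invalid input.
# LOG does not terminate rule traversal, so it must precede the DROP for the same match.
block_entry() {
  entry=$1
  case "$entry" in
    */*)  addr=${entry%/*}; plen=${entry#*/}                      # CIDR subnet
          valid_ipv4 "$addr" && [ "$plen" -ge 0 ] 2>/dev/null && [ "$plen" -le 32 ] || return 1
          match="-s $entry" ;;
    *-*)  valid_ipv4 "${entry%-*}" && valid_ipv4 "${entry#*-}" || return 1   # START-END range
          match="-m iprange --src-range $entry" ;;
    *)    valid_ipv4 "$entry" || return 1                           # single host
          match="-s $entry" ;;
  esac
  # $match is deliberately unquoted so its words become separate arguments.
  run iptables -A INPUT $match -j LOG --log-prefix "$LOG_PREFIX"
  run iptables -A INPUT $match -j DROP
}

# Read a block list on stdin (one entry per line; '#' comments and blank lines ignored),
# drop duplicates, and emit rules; invalid entries are reported on stderr and skipped.
apply_blocklist() {
  sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$' | sort -u |
    while IFS= read -r e; do
      block_entry "$e" || echo "skipped invalid entry: $e" >&2
    done
}

if [ $# -gt 0 ]; then
  apply_blocklist < "$1"   # usage: sh blocklist.sh /path/to/blocklist.txt
else                       # no file given: show a constructed sample (RFC 5737 addresses) in dry-run mode
  DRY_RUN=1
  printf '203.0.113.7\n203.0.113.7 # duplicate\n198.51.100.0/24\n192.0.2.10-192.0.2.20\n' | apply_blocklist
fi
```

Review the printed commands first; only when they look right run the script as root with DRY_RUN=0 and your real list file.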
A Few Extra Resources
We’ll leave off today’s piece with a few awesome tips, tricks, and words of advice regarding some of the stuff you can do with iptables. First off, if you’re looking for a script that will automate the banning of abusive IPs, Fail2Ban is an excellent choice.
Next, our knowledge base contains dozens of other tutorials to help you use your Linux server. Our article on securing a Linux server is a great start. Continue browsing to learn more.
How to block IP addresses with ufw
This article describes how to block specific IP addresses with ufw.
UFW (Uncomplicated Firewall) is the standard utility for configuring the iptables firewall on Ubuntu Linux. It uses a command-line interface consisting of a small number of simple commands. UFW is a convenient way to build a basic IPv4 or IPv6 firewall to protect a server.
Blocking specific IP addresses with ufw
The syntax is:
sudo ufw deny from [IP-ADDRESS] to any
To block or drop all packets from 192.168.1.5, enter:
sudo ufw deny from 192.168.1.5 to any
Show the firewall status, including the rules. To check the rules you just added, enter:
sudo ufw status numbered
Blocking a specific IP address and port number with ufw
The syntax is:
sudo ufw deny from [IP-ADDRESS] to any port [PORT]
To block or drop the "spammer" IP address 202.54.1.5 on port 80, enter:
sudo ufw deny from 202.54.1.5 to any port 80
Check again with the following command:
sudo ufw status numbered
Blocking a specific IP address, port number and protocol with ufw
The syntax is:
sudo ufw deny proto [PROTOCOL] from [IP-ADDRESS] to any port [PORT]
For example, to block the malicious IP address 202.54.1.1 on TCP port 22, enter:
$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered
Blocking a subnet with ufw. The syntax is the same:
$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22
How to remove a block and unblock IP addresses
$ sudo ufw status numbered
$ sudo ufw delete NUM
To delete rule # 4, enter:
$ sudo ufw delete 4
 deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted
Tip: when UFW is NOT blocking an IP address
To avoid problems with a block that does not take effect, edit the /etc/ufw/before.rules file and add a "Block an IP Address" section after "# End required lines":
$ sudo vi /etc/ufw/before.rules
Add your rule to block the spammer or attacker, replacing [IP-ADDRESS] with the address:
# Block an IP Address
-A ufw-before-input -s [IP-ADDRESS] -j DROP
Save and close the file. Then reload the firewall:
$ sudo ufw reload
How to Block and Unblock IP Address in Linux
Do you want to block an IP address that is abusing your server, or is the server facing an attack from a particular IP? Today we will show you how to block a particular IP address, and how to block an IP on a particular port.
This guide will work on almost all Linux distributions that use iptables. iptables is a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.
iptables requires elevated privileges to operate and must be executed by user root, otherwise, it fails to function. On most Linux systems, iptables is installed as /usr/sbin/iptables and documented in its man pages, which can be opened using man iptables when installed. It may also be found in /sbin/iptables, but since iptables is more like a service rather than an “essential binary”, the preferred location remains /usr/sbin.
- Log in to the server as the root user.
- Follow the syntax below for the various iptables rules.
Note: replace IP-ADDRESS-HERE with the particular IP address and port_number with the port.
- Add an iptables rule to block an IP address:
iptables -A INPUT -s IP-ADDRESS-HERE -j DROP
- Add an iptables rule to block an IP address from accessing a specific port:
iptables -A INPUT -s IP-ADDRESS-HERE -p tcp --destination-port port_number -j DROP
- Drop/remove the iptables rule to unblock the IP address:
iptables -D INPUT -s IP-ADDRESS-HERE -j DROP
- Drop/remove the iptables rule to unblock the IP address’s access to a specific port:
iptables -D INPUT -s IP-ADDRESS-HERE -p tcp --destination-port port_number -j DROP
- After adding or removing any of the above rules, save the iptables rules with the following command:
iptables-save
iptables-save writes the current rule set to standard output, so redirect it into the file your distribution loads at boot (for example /etc/sysconfig/iptables on CentOS/RHEL, or /etc/iptables/rules.v4 with iptables-persistent on Debian/Ubuntu); otherwise the rules are lost on reboot.
With these few commands, we finish the iptables block and unblock rules.
To check or verify whether a particular IP is blocked with iptables:
iptables -L INPUT -v -n | grep "IP-ADDRESS-HERE"
For testing, we will block the google.com IP.
Then remove the block rule and test with ping google.com.