Q. How do I block an IP address or subnet under Linux operating system?
A. In order to block an IP on your Linux server you need to use iptables tools (administration tool for IPv4 packet filtering and NAT) and netfilter firewall. First you need to log into shell as root user. To block IP address you need to type iptables command as follows:
Syntax to block an IP address under Linux
iptables -A INPUT -s IP-ADDRESS -j DROP
Replace IP-ADDRESS with actual IP address. For example if you wish to block ip address 65.55.44.100 for whatever reason then type command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP
If you have IP tables firewall script, add above rule to your script.
If you just want to block access to one port from an ip 65.55.44.100 to port 25 then type command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
The above rule will drop all packets coming from IP 65.55.44.100 to port mail server port 25.
You can write a shell script to block lots of IP address and subnets.
- Email FAQ to a friend
- Printable version
- Rss Feed
- Last Updated: 12-20-08
{ 16 comments… read them below or add one }
hi dear,
h a u?
i have aproblem to ristrick the wab page on client side.
i have linux server to run internt. i make gateway on that server and use it on other system to run internet.
her i want to on clint system only my specify wab pages is open.
plz u can help me how i confuger it.
my network is on workgroup
thnks
dewa
Ther are two solution:
1) the best practice you use a proxy server like suqid in the gateway machine. Then define ACL on the squid.
say you want to deny access to yahoo.com and rediffmail.com.
acl all src 0.0.0.0/0.0.0.0
acl web_yahoo dest yahoo.com
acl web_rediff dest rediff.com
http_access deny web_yahoo all
http_access deny web_rediff all
2) this option is throhgh iptables, assume that your gateway acts as a firewall.
iptables -A INPUT -p tcp –destination-port 80 -d -j DROP
it will drop any request to port 80 of yahoo from any source.
i want to connect internet on local pc by user from server
Please send me the code in Linux c to block the website typed on the browser. or send the references where i can get
Hi I added:
iptables -A INPUT -s 80.58.205.35 -j DROP
and kept checking my apache logs, after a short pause of no requests from 80.58.205.35
it resumed ?? Could this mean I have been hacked ?
EG:
80.58.205.35 - - [21/Jun/2008:17:10:40 +1000] "GET /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////photogallery.php?album_id=1 HTTP/1.1" 200You need to add iptables -A INPUT -s 80.58.205.35 -j DROP to your firewall script. Once added 80.58.205.35 cannot connect to your apache. Do you run any special firewall script such as apf?
hi,
i need an iptable rule for a website(www.webmd.com) not to go through squid(proxy).could you pls send me the iptable rule for this one?
thanks
joel, i think you do it without iptables rule using squid configuration and I don’t think its possible to have such a rule. What do you say vivek ?
Yes, nilesh is right. It all depends upon your setup. Do you have squid proxy installed? If so there is an option to skip webmd.com from squid cache using ACL. Iptables is for filtering and restricting traffic.
@vivek and S. Nilesh,
yes i have a squid transparent proxy caching server and firewall in the same box.could you kindly post here the acl rules to bypass webmd from going through squid. btw im using the old 2.5 stable 6 version.thank you very much to both of you for responding to my question.
joel
joel, try this -
acl webmd dstdomain .webmd.com
always_direct webmd
it should do it for you…
@ S. Nilesh,
thank you so much.that really works!! :)
@ S.Nilesh and Vivek,
hi again,
i thought i should ask this question. how would you allow https traffic for one particular site on the network but restrict all other https traffic with an iptable rule.i have users bypassing my proxy redirector(squidguard) using https and i cannot block port 443 on my firewall because it is being used by a remote GUI application which is also being used by my users.
lol dont use -A
im not an iptables guru, but ive fought off plenty of attacks, and hack attempts, heres how chain worx k,
# Drop
rule 1
rule 2
rule 3
end of chain default rule (drop all or accept all however)
rule4 your new rule
so if you use the -A which is the add option its going to add to the drop chain right,
which will put it after an absolute depending on who or how your iptables is setup.
after an absolute is parsed, by iptables it wont read any further into the chain, there for your add option will never work as good as the insert flag -I
# drop
rule1
rule2
rule3
rule4 – our new rule here
drop all
make sense?
Hi all,
Are these IP table entries are permanent? Recently I had blocked an IP using the step mentioned above. ( i.e. iptables -A INPUT -s 124.118.247.4 -j DROP ) I wanted to know, if my server reboots, does that entry can withstand the reboot or will loose upon reboot?
@Shibin,
Noop, you need to write a shell script to keep them alive after reboot.