Q. How do I null route an attakers IP under Red Hat Enterprise Linux? I would like to block unwanted traffic from a particular source.
A. A null route is a network route that goes nowhere. When a network packet is received by Linux (or UNIX or any other network device) operating system, it needs to route that packet somewhere. It uses the routing table to decide where to send the packet. To kill the packet, in essence dropping the packet and forbidding the packet from travelling further, a nullroute could be put in place.
There are two ways to achieve the same.
First find out attacker IP address from system log files such as
Option #1: Using Iptables
Use following iptables rules:
# iptables --append INPUT --source IP-ADDRESS -j DROP
Add above rules to your iptables shell script. To drop bunch of IPs use something as follows in your shell script:
BADIPS="220.127.116.11 18.104.22.168 22.214.171.124"
for i in $BADIPS
iptables --append INPUT --source $i -j DROP
Option # 2: Using route command
See previous article for more information.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop