Linux: Iptables Find / Check Banned IP Address

by on February 15, 2011 · 4 comments· LAST UPDATED June 27, 2012

in

How do I find or check IP's that are currently banned using iptables command in Linux? How do I verify that IP address 1.2.3.4 is banned or not in Linux?

The correct syntax to block an IP address under Linux using iptables is as follows:

 
/sbin/iptables -A INPUT -s BAN-IP-ADDRESS -j DROP
/sbin/iptables -A INPUT -s BAN-IP-ADDRESS/MASK -j DROP
 

Open a command-line terminal (select Applications > Accessories > Terminal), or login to remote server using the ssh and then type the following command block an ip address 1.2.3.4 as follows:
# /sbin/iptables -A INPUT -s 65.55.44.100 -j DROP
To view blocked IP address, enter:
# iptables -L INPUT -v -n
OR
# iptables -L INPUT -v -n | less

Task: Check Banned IP's Linux

Use the grep command as follows to verify that an IP address 1.2.3.4 is blocked or not:
# iptables -L INPUT -v -n | grep "1.2.3.4"

How Do I Delete or Unblock IP Address 1.2.3.4?

Use the following syntax to delete or unblock an IP address under Linux, enter:
# iptables -D INPUT -s 1.2.3.4 -j DROP
Finally, make sure you save the firewall:
# service iptables save

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 4 comments… read them below or add one }

1 Mike September 1, 2012 at 5:06 am

I think your command to determine if an IP address exists in the INPUT chain might need to be refined. For example the following would be detected 401 20304 if you grepped for “1.2.3.4”.

Reply

2 Todd November 28, 2012 at 4:02 am

This is true. In order to get the literal character of “.” You would need to escape them, using “\” as the escape character. So something like this:
Iptables -L INPUT -v -n | grep “1\.2\.3\.4″

Reply

3 Sam M. December 19, 2012 at 10:00 pm

You can also use single quotes instead of doubles:

iptables -L INPUT -v -n | grep '1.2.3.4'

Reply

4 Bruno January 29, 2013 at 4:06 pm

iptables -L INPUT -v -n | grep ‘1.2.3.4’
matches also 1.2.3.45
iptables -L INPUT -v -n | grep ‘1.2.3.4[^0-9]‘
is more specific

Reply

Leave a Comment

Tagged as: , , , , , , , ,

Previous Faq:

Next Faq: