Sometime it is necessary to block incoming connection or traffic from specific remote host. iptables is administration tool for IPv4 packet filtering and NAT under Linux kernel. Following tip will help you to block attacker or spammers IP address.
How do I block specific incoming ip address?
Following iptable rule will drop incoming connection from host/IP 202.54.20.22:
iptables -A INPUT -s 202.54.20.22 -j DROP iptables -A OUTPUT -d 202.54.20.22 -j DROP
A simple shell script to block lots of IP address
If you have lots of IP address use the following shell script:
A) Create a text file:
# vi /root/ip.blocked
Now append IP address:
# Ip address block file 202.54.20.22 202.54.20.1/24 #65.66.36.87
B) Create a script as follows or add following script line to existing iptables shell script:
BLOCKDB=”/root/ip.blocked” IPS=$(grep -Ev "^#" $BLOCKDB) for i in $IPS do iptables -A INPUT -s $i -j DROP iptables -A OUTPUT -d $i -j DROP done
C) Save and close the file.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 10 comments… read them below or add one }
Thanks for the script!
I’m using it to block some traffic that was comment spam in my wordpress installation. Akismet was catching the spam itself, but now I’m blocking a handful of IPs at the firewall and don’t have to moderate as much garbage!
Much appreciated!
Dave.
D.E.R. Management, Inc – IT Project Management consulting
Cool, I’ve been running my own custom drop list I have honed over the years. Too much hacking. I block international access to domestic business servers whenever possible. I’m tired of those log files filled up with password guessing Asia. It works fantastic if one does not need access to international.
My blockiplist is text exactly like yours, but my script is different and I can’t recall why I did it this way, I hope it’s right, but it seems to work.
————
for i in `cat /etc/blockiplist|grep -v “#”`
do
ADDR=$i
/sbin/iptables -t filter -I INPUT -s $ADDR -j DROP
/sbin/iptables -t filter -I OUTPUT -s $ADDR -j DROP
/sbin/iptables -t filter -I FORWARD -s $ADDR -j DROP
/sbin/iptables -t filter -I INPUT -d $ADDR -j REJECT
/sbin/iptables -t filter -I OUTPUT -d $ADDR -j REJECT
/sbin/iptables -t filter -I FORWARD -d $ADDR -j REJECT
echo “Block ALL INPUT from ” $ADDR ” net DROPPED.”
done
—————–
i can not connect a linux system from a squid proxy server for internet uses than what will be do
Sir,
In my company we are using Redhat Linux(15 EL) server for proxy settings, i need the command for blocking some particular ip’s not to use the internet & the same thing i need to release them to use internet, pls help me…………
Remove an entry:
You can either delete by number or by recreating the rule. “iptables -D INPUT 3″ will remove the 3rd (counting from 1) rule. Or “iptables -D INPUT -s 65.75.152.40 -j DROP” will remove the corresponding entry independent of location. The rules must match exactly though or you’ll get a “Bad rule” error.
reference: http://www.plug.org/pipermail/plug/2004-November/010608.html
Thanks for this – it was very helpful. For people who cut and paste, you may need to remove the quote marks around the BLOCKDB variable value in order to get it to work properly.
Best,
Ben
Excellent. Just the instructions I was looking for to block some malicious users from accessing my mail server.
Thanks for the information. I want to ask if it is possible to block absolutely EVERY single IP on the web except for a particular one on my home network (192.168.2.102) ?!
How to do that ?!
Apache can do this (for the http protocol) but it looks like the ftp server allows everyone in.
I want to block all IP’s except that one mentioned above.
Maybe a silly question, but why have an INPUT *and* and OUTPUT rule? Isn’t the OUTPUT rule overkill? If somebody already can’t reach your server (packets are dropped), your server is not going to send any packets to them…, right?