Linux Iptables block incoming access to selected or specific ip address

Posted by Vivek Gite [Last updated: September 25, 2007]

Sometimes it is necessary to block incoming connections or traffic from a specific remote host. iptables is the administration tool for IPv4 packet filtering and NAT in the Linux kernel. The following tip shows how to block an attacker's or spammer's IP address.

How do I block a specific incoming IP address?

The following iptables rules drop incoming packets from, and outgoing packets to, the host/IP 202.54.20.22 (the first rule matches on source address in the INPUT chain, the second on destination address in the OUTPUT chain):

iptables -A INPUT -s 202.54.20.22 -j DROP
iptables -A OUTPUT -d 202.54.20.22 -j DROP

A simple shell script to block lots of IP addresses

If you have lots of IP addresses to block, use the following shell script:

A) Create a text file:

# vi /root/ip.blocked
Now append the IP addresses or networks to block, one per line (lines beginning with # are treated as comments and skipped):

# IP address block file
202.54.20.22
202.54.20.1/24
#65.66.36.87

B) Create a script as follows, or add the following lines to your existing iptables shell script:

# Path to the block list created in step A
BLOCKDB="/root/ip.blocked"
# Read every line that does not start with '#'
IPS=$(grep -Ev "^#" "$BLOCKDB")
for i in $IPS
do
    # Drop packets from and to each address or network
    iptables -A INPUT -s "$i" -j DROP
    iptables -A OUTPUT -d "$i" -j DROP
done

C) Save and close the file.
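The steps above loop over the file and append (-A) one DROP rule per entry. Two things bite in practice: appending puts the block rules after whatever ACCEPT rules already exist in INPUT, so an earlier "accept established" rule can shadow them, and re-running the script duplicates every rule. The following script is an added example, not nixCraft's own, that reads the same file format (one IPv4 address or CIDR per line, '#' starts a comment) but validates each entry, loads the list into a dedicated chain that can be flushed and reloaded, and inserts the jump at position 1. The chain name BLOCKLIST, the DRY_RUN variable, the helper names and the constructed sample file are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not nixCraft's script): load an IP block list into a
# dedicated iptables chain. Assumptions: the file format is the one the
# article shows (one IPv4 address or CIDR per line, '#' starts a comment);
# the chain name BLOCKLIST and the DRY_RUN switch are this example's own.

BLOCKDB="${BLOCKDB:-/root/ip.blocked}"
CHAIN="BLOCKLIST"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the iptables commands only; 0 = apply them (needs root)

# Run or echo an iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix (0-32).
is_ipv4_cidr() {
    addr="${1%%/*}"
    prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32          # no slash: treat as a single host
    case "$prefix" in ''|*[!0-9]*) return 1;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.
    set -- $addr                               # split the address on dots
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the usable entries of a block list file, one per line: full-line and
# trailing comments, blank lines and malformed entries are removed (the latter
# are reported on stderr rather than silently passed to iptables).
parse_blocklist() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            echo "$entry"
        else
            echo "skipping malformed entry: $entry" >&2
        fi
    done
}

# (Re)build the BLOCKLIST chain from the file and hook it into INPUT and OUTPUT.
load_blocklist() {
    ipt -N "$CHAIN" 2>/dev/null || true        # create once; ignore "already exists"
    ipt -F "$CHAIN"                            # flush, so a reload never duplicates rules
    parse_blocklist "$1" | while IFS= read -r ip; do
        ipt -A "$CHAIN" -s "$ip" -j DROP       # packets from the address
        ipt -A "$CHAIN" -d "$ip" -j DROP       # packets to the address
    done
    # Remove any old jump, then insert it at position 1 so that an earlier
    # ACCEPT rule in INPUT/OUTPUT cannot shadow the block list.
    ipt -D INPUT  -j "$CHAIN" 2>/dev/null || true
    ipt -I INPUT  1 -j "$CHAIN"
    ipt -D OUTPUT -j "$CHAIN" 2>/dev/null || true
    ipt -I OUTPUT 1 -j "$CHAIN"
}

# Write a constructed sample block list (same format as the article's file) to $1.
write_sample_blocklist() {
    printf '%s\n' '# constructed sample block list' \
        '202.54.20.22' \
        '202.54.20.1/24  # trailing comment' \
        '#65.66.36.87' \
        '' \
        '999.1.1.1' \
        'not-an-ip' > "$1"
}

# Stand-alone run: "sh blocklist.sh --demo" shows the dry-run output for the sample.
if [ "${1:-}" = "--demo" ]; then
    sample=$(mktemp)
    write_sample_blocklist "$sample"
    load_blocklist "$sample"
    rm -f "$sample"
fi
```

With DRY_RUN left at 1 the script only prints the commands it would run, so the list can be reviewed before it touches the firewall; with DRY_RUN=0 and BLOCKDB pointing at the real file it applies them. Because the rules live in their own chain, "iptables -F BLOCKLIST" clears the whole list without touching the rest of the ruleset, and the loader can be run from cron or a boot script as often as needed.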


Discussion on This Article:

  1. Dave Richardson Says:

    Thanks for the script!

    I’m using it to block some traffic that was comment spam in my WordPress installation. Akismet was catching the spam itself, but now I’m blocking a handful of IPs at the firewall and don’t have to moderate as much garbage!

    Much appreciated!

    Dave.
    D.E.R. Management, Inc - IT Project Management consulting

  2. unix dude Says:

    Cool, I’ve been running my own custom drop list that I have honed over the years. Too much hacking. I block international access to domestic business servers whenever possible. I’m tired of those log files filled up with password guessing from Asia. It works fantastically if one does not need international access.

  3. unix dude Says:

    My blockiplist is text exactly like yours, but my script is different and I can’t recall why I did it this way, I hope it’s right, but it seems to work.
    ————
    # Read every line of the block list that does not contain '#'
    for i in `cat /etc/blockiplist | grep -v "#"`
    do
    ADDR="$i"
    /sbin/iptables -t filter -I INPUT -s "$ADDR" -j DROP
    /sbin/iptables -t filter -I OUTPUT -s "$ADDR" -j DROP
    /sbin/iptables -t filter -I FORWARD -s "$ADDR" -j DROP
    /sbin/iptables -t filter -I INPUT -d "$ADDR" -j REJECT
    /sbin/iptables -t filter -I OUTPUT -d "$ADDR" -j REJECT
    /sbin/iptables -t filter -I FORWARD -d "$ADDR" -j REJECT
    echo "Block ALL INPUT from " "$ADDR" " net DROPPED."
    done
    —————–

  4. ajay Says:

    I cannot connect a Linux system from a Squid proxy server for internet use, so what should I do?

Copyright © 2004-2008 nixCraft. All rights reserved.