Linux Iptables block outgoing access to selected or specific ip address

Posted by Vivek Gite [Last updated: October 7, 2007]

Suppose you want to block outgoing access to a particular remote host/IP, either for all services or for a selected service/port.

The following rule blocks all outgoing connections to the IP address 202.54.1.22:
iptables -A OUTPUT -d 202.54.1.22 -j DROP

This way you can block the IP address of a chat server or of a site hosting dangerous content such as viruses. It is also possible to block a specific port. For example, you can block outgoing TCP port 5050 as follows:
iptables -A OUTPUT -p tcp --dport 5050 -j DROP

Or block port 5050 for IP address 192.168.1.2 only:

iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 5050 -j DROP
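
An added example (not from the original article): a POSIX shell wrapper that validates the address and port before building the three OUTPUT rules above, and uses `iptables -C` so repeated runs do not append duplicates. The function names and the `IPT` and `DRY_RUN` variables are assumptions for illustration; with the default `DRY_RUN=1` it only prints the commands.

```shell
#!/bin/sh
# Added example: validated, repeatable versions of the article's OUTPUT rules.
IPT="${IPT:-iptables}"       # assumed variable: path to the iptables binary
DRY_RUN="${DRY_RUN:-1}"      # assumed variable: 1 = print only, 0 = apply (root)

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP port number 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rule_spec DEST PORT: print the rule; "-" leaves that match out.
rule_spec() {
    dest=$1; port=$2; spec="OUTPUT"
    # Refuse a rule with no match at all: it would drop every outgoing packet.
    if [ "$dest" = "-" ] && [ "$port" = "-" ]; then return 1; fi
    if [ "$port" != "-" ]; then valid_port "$port" || return 1; spec="$spec -p tcp"; fi
    if [ "$dest" != "-" ]; then valid_ipv4 "$dest" || return 1; spec="$spec -d $dest"; fi
    if [ "$port" != "-" ]; then spec="$spec --dport $port"; fi
    echo "$spec -j DROP"
}

# apply_block DEST PORT: append the rule unless an identical one is loaded.
apply_block() {
    spec=$(rule_spec "$1" "$2") || { echo "invalid destination or port" >&2; return 1; }
    if [ "$DRY_RUN" = 1 ]; then echo "$IPT -A $spec"; return 0; fi
    # -C exits 0 when the rule already exists, so reruns do not stack duplicates.
    $IPT -C $spec 2>/dev/null || $IPT -A $spec
}

apply_block 202.54.1.22 -      # all traffic to one host
apply_block - 5050             # tcp/5050 to any host
apply_block 192.168.1.2 5050   # tcp/5050 to one host only
```

Set `DRY_RUN=0` and run as root to load the rules. Because `-A` appends, an earlier ACCEPT rule in the OUTPUT chain that matches the same traffic will still take effect first.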


Discussion on This Article:

  1. thon Says:

    IPTABLES. I just want to know how to block a certain IP address or network from accessing a specific server. Let's say the host/IP 192.168.1.2 will be blocked/denied access to server/IP 192.168.1.10.

    thanks

  2. Jes Says:

    Not one freaking person on the whole internet has an example of how to use iptables to stop one single machine from being able to access one single IP address.

  3. vivek Says:

    Jes,

    Drop single system 202.54.1.22:

    iptables -A INPUT -d 202.54.1.22 -j DROP

    Try the following URLs for more …
    How do I Drop or block attackers IP with null routes?
    Linux Iptables block incoming access to selected or specific ip address

    HTH

  4. k Says:

    Hi, Can anyone help?
    How do I block the outgoing traffic from x IP address to y IP address, but allow the incoming traffic from y to x? For some reason when I accept input and then do output drop it doesn’t allow inputs. Additionally, I did:
    /sbin/iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    /sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    But can’t ping x from y and vice versa. Please help.
    Thank you,
    k.
