Linux: Iptables Find / Check Banned IP Address

How do I find or check the IP addresses that are currently banned using the iptables command in Linux? How do I verify whether IP address 1.2.3.4 is banned in Linux?

The correct syntax to block an IP address under Linux using iptables is as follows:

/sbin/iptables -A INPUT -s BAN-IP-ADDRESS -j DROP
/sbin/iptables -A INPUT -s BAN-IP-ADDRESS/MASK -j DROP

Open a command-line terminal (select Applications > Accessories > Terminal), or log in to the remote server using ssh, and then type the following command to block the IP address 1.2.3.4:
# /sbin/iptables -A INPUT -s 1.2.3.4 -j DROP
To view the blocked IP addresses, enter:
# iptables -L INPUT -v -n
OR
# iptables -L INPUT -v -n | less

Task: Check Banned IPs in Linux

Use the grep command as follows to verify whether the IP address 1.2.3.4 is blocked:
# iptables -L INPUT -v -n | grep "1.2.3.4"
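
A plain grep for 1.2.3.4 also matches 1.2.3.45 and any ACCEPT rule that names the address, and it misses DROP rules written with a netmask or --src-range. The following added example (not part of the original article) checks address coverage instead; it assumes rules in the format printed by `iptables -S INPUT`, uses hypothetical function names, and runs against constructed sample rules.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample rules are constructed.
# Dotted-quad IPv4 -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when integer address $1 is inside network $2 (a.b.c.d or a.b.c.d/nn).
in_cidr() {
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $1 & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}

# True when integer address $1 is inside range $2 (first-last).
in_range() {
    [ "$1" -ge "$(ip2int "${2%-*}")" ] && [ "$1" -le "$(ip2int "${2#*-}")" ]
}

# Read rules in `iptables -S INPUT` format on stdin and print each DROP rule
# whose -s or --src-range covers address $1. Negated ("!") matches are skipped.
banned_by() {
    target=$(ip2int "$1")
    while read -r rule; do
        case $rule in *"-j DROP"*) ;; *) continue ;; esac
        case $rule in *"! -s"*|*"! --src-range"*) continue ;; esac
        set -- $rule
        while [ $# -gt 1 ]; do
            case $1 in
                -s) in_cidr "$target" "$2" && echo "$rule" ;;
                --src-range) in_range "$target" "$2" && echo "$rule" ;;
            esac
            shift
        done
    done
}

# Constructed sample; on a live host use: iptables -S INPUT | banned_by 1.2.3.4
sample_rules() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -s 1.2.3.45/32 -j DROP' \
        '-A INPUT -s 203.0.113.0/25 -j DROP' \
        '-A INPUT -m iprange --src-range 10.0.0.5-10.0.0.20 -j DROP' \
        '-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT'
}
for ip in 1.2.3.4 203.0.113.12 10.0.0.7; do echo "$ip => $(sample_rules | banned_by "$ip")"; done
```

With the sample rules, 1.2.3.4 is reported as not banned even though grep would match two lines, while 203.0.113.12 and 10.0.0.7 are reported as covered by the netmask and range rules.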

How Do I Delete or Unblock IP Address 1.2.3.4?

Use the following syntax to delete or unblock an IP address under Linux:
# iptables -D INPUT -s 1.2.3.4 -j DROP
Finally, make sure you save the firewall:
# service iptables save

6 comments
  • Mike Sep 1, 2012 @ 5:06

    I think your command to determine if an IP address exists in the INPUT chain might need to be refined. For example the following would be detected 401 20304 if you grepped for “1.2.3.4”.

    • Todd Nov 28, 2012 @ 4:02

      This is true. In order to get the literal character of “.” you would need to escape them, using “\” as the escape character. So something like this:
      iptables -L INPUT -v -n | grep "1\.2\.3\.4"

  • Sam M. Dec 19, 2012 @ 22:00

    You can also use single quotes instead of doubles:

    iptables -L INPUT -v -n | grep '1.2.3.4'
    
    • Bruno Jan 29, 2013 @ 16:06

      iptables -L INPUT -v -n | grep '1.2.3.4'
      matches also 1.2.3.45
      iptables -L INPUT -v -n | grep '1.2.3.4[^0-9]'
      is more specific

  • steph Dec 22, 2014 @ 18:16

    Question: how can I count the total number of IPs by country?
    I am using geoip and I banned CN, RU, KP.

    just wondering …
    thanks !

  • arth Mar 19, 2015 @ 16:28

    The check will not work if the iptables entry has a netmask instead of a single address.
    A grep for 103.42.124.12 does not match a 103.41.124.0/25 entry, for example.

    Similar for --src-range
