Linux: Iptables Find / Check Banned IP Address

in Categories last updated June 27, 2012

How do I find or check IP’s that are currently banned using iptables command in Linux? How do I verify that IP address is banned or not in Linux?

The correct syntax to block an IP address under Linux using iptables is as follows:

/sbin/iptables -A INPUT -s BAN-IP-ADDRESS -j DROP
/sbin/iptables -A INPUT -s BAN-IP-ADDRESS/MASK -j DROP

Open a command-line terminal (select Applications > Accessories > Terminal), or login to remote server using the ssh and then type the following command block an ip address as follows:
# /sbin/iptables -A INPUT -s -j DROP
To view blocked IP address, enter:
# iptables -L INPUT -v -n
# iptables -L INPUT -v -n | less

Task: Check Banned IP’s Linux

Use the grep command as follows to verify that an IP address is blocked or not:
# iptables -L INPUT -v -n | grep ""

How Do I Delete or Unblock IP Address

Use the following syntax to delete or unblock an IP address under Linux, enter:
# iptables -D INPUT -s -j DROP
Finally, make sure you save the firewall:
# service iptables save

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on (or read 6 comments/add one below):

6 comment

  1. I think your command to determine if an IP address exists in the INPUT chain might need to be refined. For example the following would be detected 401 20304 if you grepped for “”.

    1. This is true. In order to get the literal character of “.” You would need to escape them, using “\” as the escape character. So something like this:
      Iptables -L INPUT -v -n | grep “1\.2\.3\.4”

    1. iptables -L INPUT -v -n | grep ‘’
      matches also
      iptables -L INPUT -v -n | grep ‘[^0-9]’
      is more specific

  2. Question : how can I count the total number of ips by country ?
    I am using geoip and I banned CN, RU, KP.

    just wondering …
    thanks !

  3. The check will not work if the iptables entry has a netmask instead of a single address.
    A grep for does not match a entry, for example.

    Similar for –src-range

    Have a question? Post it on our forum!