Linux Iptables block incoming access to selected or specific ip address

Sometimes it is necessary to block incoming connections or traffic from a specific remote host. iptables is the administration tool for IPv4 packet filtering and NAT under the Linux kernel. The following tip will help you block an attacker's or spammer's IP address.


How do I block a specific incoming IP address?

The following iptables rules drop incoming packets from, and outgoing packets to, host/IP 202.54.20.22:

iptables -A INPUT -s 202.54.20.22 -j DROP
iptables -A OUTPUT -d 202.54.20.22 -j DROP

A simple shell script to block lots of IP addresses

If you have lots of IP addresses to block, use the following shell script:

A) Create a text file:

# vi /root/ip.blocked
Now append the IP addresses, one per line (lines starting with # are treated as comments):

# Ip address block  file
202.54.20.22
202.54.20.1/24
#65.66.36.87

B) Create a script as follows, or add the following lines to an existing iptables shell script:

BLOCKDB="/root/ip.blocked"
# Read every line that does not start with # (comment lines are skipped)
IPS=$(grep -Ev "^#" "$BLOCKDB")
for i in $IPS
do
    # Drop packets from the address and packets to it
    iptables -A INPUT -s "$i" -j DROP
    iptables -A OUTPUT -d "$i" -j DROP
done

C) Save and close the file.
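A hardened variant of the same loop, added here as an example and not the original script: it strips comments and blank lines, rejects malformed entries before they reach iptables, reports a missing blocklist file clearly, and uses iptables -C so re-running it adds no duplicate rules. It assumes POSIX sh and an iptables with --check support; the sample file is constructed, and the firewall is only touched when the script is run with the "apply" argument.

```shell
#!/bin/sh
# Hardened blocklist loader (added example, not the original script).
# Assumes POSIX sh and an iptables that supports -C/--check. Rules are
# only touched when invoked as:  sh block.sh apply /root/ip.blocked
set -u

# Accept a.b.c.d or a.b.c.d/nn only, so a typo never reaches iptables.
is_ipv4_or_cidr() {
    printf '%s\n' "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print usable entries one per line: strips full-line and trailing "#"
# comments, blank lines and whitespace, warns on malformed entries, and
# fails clearly when the file is missing (the error raised in the comments).
parse_blocklist() {
    [ -r "$1" ] || { echo "blocklist $1 missing or unreadable" >&2; return 1; }
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if is_ipv4_or_cidr "$entry"; then
            printf '%s\n' "$entry"
        else
            echo "skipping malformed entry: $entry" >&2
        fi
    done
}

# Insert with -I so the DROP sits above any earlier ACCEPT rule, and check
# with -C first so re-running the script does not add duplicate rules.
apply_blocklist() {
    parse_blocklist "$1" | while IFS= read -r ip; do
        iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
            iptables -I INPUT -s "$ip" -j DROP
        iptables -C OUTPUT -d "$ip" -j DROP 2>/dev/null ||
            iptables -I OUTPUT -d "$ip" -j DROP
    done
}

# Constructed sample file (not a real blocklist) for trying the parser
# without touching the firewall; prints the temporary file's path.
make_sample_blocklist() {
    f=$(mktemp)
    printf '%s\n' '# Ip address block file' '202.54.20.22' \
        '202.54.20.1/24   # trailing comment' '#65.66.36.87' '' \
        '300.1.2.3' '10.0.0.0/33' > "$f"
    printf '%s\n' "$f"
}

if [ "${1:-}" = "apply" ]; then apply_blocklist "${2:-/root/ip.blocked}"; fi
```

Running `sh block.sh` without arguments only defines the functions, so the parser can be exercised on the sample file (`parse_blocklist "$(make_sample_blocklist)"`) as an unprivileged user before anything is applied.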

19 comments
  • Dave Richardson Jun 1, 2007 @ 13:22

    Thanks for the script!

    I’m using it to block some traffic that was comment spam in my wordpress installation. Akismet was catching the spam itself, but now I’m blocking a handful of IPs at the firewall and don’t have to moderate as much garbage!

    Much appreciated!

    Dave.
    D.E.R. Management, Inc – IT Project Management consulting

  • unix dude Nov 3, 2007 @ 7:24

    Cool, I’ve been running my own custom drop list I have honed over the years. Too much hacking. I block international access to domestic business servers whenever possible. I’m tired of those log files filled up with password guessing Asia. It works fantastic if one does not need access to international.

  • unix dude Nov 3, 2007 @ 7:54

    My blockiplist is text exactly like yours, but my script is different and I can’t recall why I did it this way, I hope it’s right, but it seems to work.
    ————
    # Read every line of the list that does not contain a # (comment marker)
    for i in `cat /etc/blockiplist|grep -v "#"`
    do
    ADDR=$i
    # Silently drop anything coming from the address ...
    /sbin/iptables -t filter -I INPUT -s $ADDR -j DROP
    /sbin/iptables -t filter -I OUTPUT -s $ADDR -j DROP
    /sbin/iptables -t filter -I FORWARD -s $ADDR -j DROP
    # ... and reject anything going to it
    /sbin/iptables -t filter -I INPUT -d $ADDR -j REJECT
    /sbin/iptables -t filter -I OUTPUT -d $ADDR -j REJECT
    /sbin/iptables -t filter -I FORWARD -d $ADDR -j REJECT
    echo "Block ALL INPUT from " $ADDR " net DROPPED."
    done
    —————–

    • jm Mar 14, 2016 @ 22:41

      Simple, elegant. I love it.

  • ajay Dec 28, 2007 @ 14:42

    I cannot connect a Linux system from a Squid proxy server for internet use; what should I do?

  • Ip blocking & allowing in Linux Dec 8, 2008 @ 7:42

    Sir,

    In my company we are using a Redhat Linux (15 EL) server for proxy settings. I need the command for blocking some particular IPs from using the internet, and the same thing I need to release them to use the internet. Please help me.

  • zhys9 Jul 20, 2009 @ 6:46

    Remove an entry:
    You can either delete by number or by recreating the rule. "iptables -D INPUT 3" will remove the 3rd (counting from 1) rule. Or "iptables -D INPUT -s 65.75.152.40 -j DROP" will remove the corresponding entry independent of location. The rules must match exactly though or you'll get a "Bad rule" error.
    reference: http://www.plug.org/pipermail/plug/2004-November/010608.html

  • Ben Chapman May 20, 2010 @ 14:35

    Thanks for this – it was very helpful. For people who cut and paste, you may need to remove the quote marks around the BLOCKDB variable value in order to get it to work properly.

    Best,

    Ben

  • John Jameson Nov 7, 2010 @ 3:28

    Excellent. Just the instructions I was looking for to block some malicious users from accessing my mail server.

  • webman Dec 11, 2010 @ 20:58

    Thanks for the information. I want to ask if it is possible to block absolutely EVERY single IP on the web except for a particular one on my home network (192.168.2.102) ?!

    How to do that ?!

    Apache can do this (for the http protocol) but it looks like the ftp server allows everyone in.

    I want to block all IPs except that one mentioned above.

  • Sander May 21, 2011 @ 15:20

    Maybe a silly question, but why have an INPUT *and* an OUTPUT rule? Isn't the OUTPUT rule overkill? If somebody already can't reach your server (packets are dropped), your server is not going to send any packets to them..., right?

    • Moritz2112 Sep 12, 2013 @ 16:53

      Sander, I think it might be because some scanners will continue to try even if incoming traffic is dropped, should they get any traffic back at all from attempts to brute-force entry into a system. Mayhap? Prithee? Perchance? Bueller?

  • hajdano Oct 10, 2013 @ 2:40

    Hi

    This does not block samba access?

  • Emmanux Feb 18, 2014 @ 0:54

    Improved for blocking IP ranges:

    BLOCKDB="/root/ip.blocked"
    IPS=$(grep -Ev "^#" $BLOCKDB)
    for i in $IPS
    do
    iptables -A INPUT -p tcp --destination-port 22 -m iprange --src-range $i -j DROP
    #iptables -A OUTPUT -d $i -j DROP
    done
    

    The /root/ip.blocked looks like:

    1.0.1.0-1.0.1.255
    1.0.2.0-1.0.3.255
    1.0.8.0-1.0.15.255
    1.0.32.0-1.0.63.255
    1.1.0.0-1.1.0.255
    1.1.2.0-1.1.3.255
    1.1.4.0-1.1.7.255
    1.1.8.0-1.1.15.255
    1.1.16.0-1.1.31.255
    1.1.32.0-1.1.63.255
    1.2.0.0-1.2.1.255
    1.2.2.0-1.2.2.255
    ...
    ...
    ...
    

    I got it from http://ipblocklist.com

    This is our first day without login attempts from China. Cheers!

  • Andrew Feb 23, 2014 @ 5:37

    “or add following script line to existing iptables shell script:”
    how do I do that? I'm on Ubuntu, iptables is in /sbin and appears encrypted.....

    any help appreciated as this looks to be a simple way to restrict a number of IPs but I'm stuck! thanks.

  • Icaro Mar 29, 2016 @ 14:36

    Awesome Post man. Big help!

  • wahyudi Apr 26, 2016 @ 8:15

    Thanks for the script,

    But why, when I run the script, does it say /root/ip.blocked: no such file or directory?

    Thanks for the answer

  • Vijay Aug 29, 2016 @ 6:39

    Hello,

    I want to block USERS who access a particular IP, for example 192.27.5.115 (which is a server IP); I don't want any users to access the IP. How can I restrict users from logging into that particular IP? I don't have info about all the user IPs.

  • Iván Aug 29, 2016 @ 8:23

    Good code. Helped me a lot with a little problem. Thanks!
