We wrote about blocking particular IP addresses with the route command here. If you are already using iptables, or want to start, a better way is to block particular hosts:
iptables -I INPUT -s 25.55.55.55 -j DROP
This command will simply drop any packet coming from the address 25.55.55.55. To list the chains:
iptables -L -n
. . .
DROP all -- 25.55.55.55 0.0.0.0/0
DROP all -- 202.55.56.55 0.0.0.0/0
. . .
The -n option prints numeric IP addresses rather than resolving them to names. This is useful if you have a lot of IP addresses. It can take a lot of time to resolve all of the addresses, particularly since they are probably funky. After all, you have blocked them for some reason. If you need to investigate with names, just use the command without -n:
iptables -L
. . .
DROP all -- 55.55.55.25.i.portscan.com anywhere
DROP all -- 55.56.55.202.many.fetch.api.request.com anywhere
. . .
If you later decide that you don’t want to drop packets from a particular host, use the -D option instead of -I:
iptables -D INPUT -s 25.55.55.55 -j DROP
For more details on iptables, here is the manpage. Do be careful about changing firewall/route settings on remote servers, OK? You can block the rest of the world and yourself out with the wrong command.
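One way to guard against the lockout described above, as an added example that is not part of the original post: a small wrapper that validates the address, refuses to block the address of your own SSH login, and skips the insert if the rule already exists. The function names are hypothetical; it assumes an OpenSSH session (which sets SSH_CLIENT) and an iptables that supports -C.

```shell
#!/bin/sh
# Added example: guards around "iptables -I INPUT -s <ip> -j DROP".
# Function names are hypothetical; block_host must run as root.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Client address of the current SSH login, taken from OpenSSH's SSH_CLIENT
# ("client_ip client_port server_port"); empty outside an SSH session.
own_ssh_ip() {
    printf '%s\n' "${SSH_CLIENT%% *}"
}

# Return 0 when $1 is a valid address that is not our own SSH session.
safe_to_block() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    if [ "$1" = "$(own_ssh_ip)" ]; then
        echo "refusing: $1 is the address of this SSH session" >&2
        return 1
    fi
}

# Insert the DROP rule once: -C exits 0 if an identical rule already exists.
block_host() {
    safe_to_block "$1" || return 1
    iptables -C INPUT -s "$1" -j DROP 2>/dev/null && return 0
    iptables -I INPUT -s "$1" -j DROP
}

# Usage (as root): block_host 25.55.55.55
```

The check only covers IPv4, which is all iptables itself filters; IPv6 traffic is handled separately by ip6tables.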