1. Log in to your server via SSH and run su - to become root (do not forget the - after su).
2. After logging in as root, you may want to look at what's already loaded, if anything. To look at the tables that are currently in effect:
(Note: You might need to add "| less" to the end of your iptables -L commands if you have a lot of iptables rules. This will let you view the rules one page at a time. You can use "q" to quit.)
# iptables -L -n
3. To block an IP address, the syntax is:
# iptables -I INPUT -s IP_ADDRESS_HERE -j DROP
e.g.:
# iptables -I INPUT -s 123.123.123.123 -j DROP
4. To verify that your entry was successful:
(as root still)
# /sbin/iptables -L -n
5. If you want to flush your iptables rules (this deletes all rules, not just the block you added):
# /sbin/iptables -F
You can find other options to choose from with the following command:
Thank you for the iptables info. I would like to block a complete range of IP addresses, from say 0.0.0.0 to 0.23.255.255. Do I have to type each one in individually, or is there some option that will allow me to do this more easily?
Thanks,
Sam
You can find an example of blocking an IP range here:
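Added example, not part of the original thread: the range asked about above (0.0.0.0 to 0.23.255.255) does not fall on a single CIDR boundary, so this POSIX shell script splits an inclusive range into the fewest CIDR blocks and prints one rule per block in the tutorial's "-I INPUT -s ... -j DROP" form. The function names are made up for this example, and the rules are only printed, not applied.

```sh
#!/bin/sh
# Added example, not from the thread: cover an inclusive IPv4 range with the
# fewest CIDR blocks and print one DROP rule per block (nothing is executed).

# Dotted quad -> integer. Rejects anything but four plain decimal octets 0-255.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs START END: print the CIDR blocks covering exactly START..END.
range_to_cidrs() {
    start=$(ip_to_int "$1") || { echo "bad address: $1" >&2; return 1; }
    end=$(ip_to_int "$2") || { echo "bad address: $2" >&2; return 1; }
    [ "$start" -le "$end" ] || { echo "start is above end" >&2; return 1; }
    while [ "$start" -le "$end" ]; do
        size=1; prefix=32
        # Grow the block while it stays aligned on $start and inside the range.
        while [ "$prefix" -gt 0 ] && [ $(( start % (size * 2) )) -eq 0 ] &&
              [ $(( start + size * 2 - 1 )) -le "$end" ]; do
            size=$(( size * 2 )); prefix=$(( prefix - 1 ))
        done
        echo "$(int_to_ip "$start")/$prefix"
        start=$(( start + size ))
    done
}

# Print (do not run) the rules, in the tutorial's own syntax.
drop_rules_for_range() {
    cidrs=$(range_to_cidrs "$1" "$2") || return 1
    for cidr in $cidrs; do
        echo "iptables -I INPUT -s $cidr -j DROP"
    done
}

drop_rules_for_range 0.0.0.0 0.23.255.255   # the range asked about above
```

Where the iprange match is available, "iptables -I INPUT -m iprange --src-range 0.0.0.0-0.23.255.255 -j DROP" expresses the same range as a single rule.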
QT, why not do a WHM IP Block tutorial? I would like to do it, too.
Please
cPanel can block IPs from websites, but only for web access. There is nothing in cPanel or WHM that will allow you to block an IP address from accessing a server. So if you want to block someone from accessing a server completely, it would have to be done through iptables.
I am a bit of a newbie with this, and was wondering if I could use iptables to drop outgoing packets to certain IPs to protect them from a DoS attack if my box got infected.
Would it be as simple as changing the INPUT to OUTPUT?
It's just that I wouldn't know what to do if I was contacted by a host who said my server was DoSing them.
I would imagine dropping outgoing packets to them would be the first step, and then look around for the scripts causing it?
Hello,
First of all, thanks for the discussion; this is the only place on the web where I have found knowledgeable answers to ipchains.
I read about blocking ranges and blocking in general, my question has to do with deny and allow.
If I block a range of internal IPs in one chain, can I allow a few of those IPs through in the next chain? Meaning, will the next chain countermand the previous chain?
I need to block certain people, but not others from telnet and www.