 |
01-08-2004, 07:53 AM
|
#1 (permalink)
|
|
Senior Member
Join Date: 10-13-03
Location: San Antonio, Tx
Posts: 264
Latest Blog: None
|
[Linux] Block IP Address using IPtables
1. Log in to your server via SSH and su - to root (do not forget the - after su).
2. After logging in as root, you may want to look at what's already loaded, if anything. To look at the tables that are currently in effect:
(Note: You might need to add "| less" to the end of your iptables -L commands if you have a lot of iptables rules. This will let you view the rules one page at a time. You can use "q" to quit.)
# iptables -L -n
3. To successfully block an IP address, the syntax would be:
# iptables -I INPUT -s IP_ADDRESS_HERE -j DROP
e.g.:
# iptables -I INPUT -s 123.123.123.123 -j DROP
4. To verify that your entry was successful:
(Note: You might need to add "| less" to the end of your iptables -L commands if you have a lot of iptables rules. This will let you view the rules one page at a time. You can use "q" to quit.)
(as root still)
# /sbin/iptables -L -n
5. If you want to flush your IPtables:
# /sbin/iptables -F
You can find other options to choose from with the following command:
# /sbin/iptables --help
|
|
|
02-01-2004, 10:04 AM
|
#2 (permalink)
|
|
Junior Member
Join Date: 02-01-04
Posts: 2
Latest Blog: None
|
Hi QT,
Thank you for the iptable info. I would like to block a complete range of IP addresses from, say, 0.0.0.0 to 0.23.255.255. Do I have to type each one in individually or is there some option that will allow me to do this more easily?
Thanks,
Sam
|
|
|
02-01-2004, 07:41 PM
|
#3 (permalink)
|
|
Senior Member
Join Date: 10-13-03
Location: San Antonio, Tx
Posts: 264
Latest Blog: None
|
Quote:
|
Originally Posted by sam hain
Hi QT,
Thank you for the iptable info. I would like to block a complete range of IP addresses from, say, 0.0.0.0 to 0.23.255.255. Do I have to type each one in individually or is there some option that will allow me to do this more easily?
Thanks,
Sam
|
You can find an example of blocking an IP range here:
http://serverbeach.com/forums/showth...&threadid=1970

|
|
|
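The range question above, worked through as an added example that is not part of any original post: a POSIX shell sketch that splits a start/end IPv4 range into the CIDR blocks that cover it exactly, then prints one DROP rule per block in the syntax from post #1. The function names are hypothetical, octets are assumed to have no leading zeros, and the rules are only printed so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Convert a 32-bit integer back to dotted-quad notation.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the CIDR blocks that exactly cover START..END, largest blocks first.
range_to_cidrs() {
    start=$(ip2int "$1"); end=$(ip2int "$2")
    while [ "$start" -le "$end" ]; do
        bits=32
        # Widen the block while it stays aligned at $start and inside the range.
        while [ "$bits" -gt 0 ]; do
            size=$(( 1 << (33 - bits) ))
            [ $(( start % size )) -eq 0 ] || break
            [ $(( start + size - 1 )) -le "$end" ] || break
            bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$start")/$bits"
        start=$(( start + (1 << (32 - bits)) ))
    done
}

# Print (do not execute) one DROP rule per block.
block_range_rules() {
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -I INPUT -s $cidr -j DROP"
    done
}

# The range asked about in post #2.
block_range_rules 0.0.0.0 0.23.255.255
```

For that range the output is two rules, for 0.0.0.0/12 and 0.16.0.0/13. Where the iprange match module is available, a single rule with -m iprange --src-range START-END is an alternative to CIDR splitting.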
02-01-2004, 07:44 PM
|
#4 (permalink)
|
|
Individualist
Join Date: 09-27-03
Location: Japan, mostly
Posts: 27,026
|
|
|
|
02-01-2004, 08:37 PM
|
#5 (permalink)
|
|
Senior Member
Join Date: 10-13-03
Location: San Antonio, Tx
Posts: 264
Latest Blog: None
|
Quote:
|
Originally Posted by JohnScott
|
cPanel can block IP's from websites, but only for web access. There is nothing in cPanel or WHM that will allow you to block an IP address from accessing a server. So if you want to block someone from accessing a server completely, it would have to be done through IPtables.
|
|
|
02-03-2004, 10:37 AM
|
#6 (permalink)
|
|
Junior Member
Join Date: 02-01-04
Posts: 2
Latest Blog: None
|
Hi QT_,
Thanks again! I got it
 Sam
|
|
|
02-03-2004, 10:53 AM
|
#7 (permalink)
|
|
Senior Member
Join Date: 10-13-03
Location: San Antonio, Tx
Posts: 264
Latest Blog: None
|
Quote:
|
Originally Posted by sam hain
Hi QT_,
Thanks again! I got it
 Sam
|
Glad you got it all figured out. 
|
|
|
05-20-2004, 03:20 AM
|
#8 (permalink)
|
|
Junior Member
Join Date: 05-20-04
Posts: 1
Latest Blog: None
|
Hi,
This is great info QT,
Thank you
I am a bit of a newbie with this, and was wondering if I could use iptables to drop outgoing packets to certain IP's to protect them from a DOS attack if my box got infected.
Would it be as simple as changing the INPUT to OUTPUT?
It's just that I wouldn't know what to do if I was contacted by a host who said my server was DOSing them.
I would imagine dropping outgoing packets to them would be the first step, and then look around for the scripts causing it?
Thanks in advance,
|
|
|
05-27-2004, 03:48 AM
|
#9 (permalink)
|
|
Junior Member
Join Date: 05-27-04
Posts: 1
Latest Blog: None
|
Block some IP's allow others?
Hello,
First of all, thanks for the discussion, this is the only place on the web I have found knowledgeable answers to ipchains.
I read about blocking ranges and blocking in general, my question has to do with deny and allow.
If I block a range of internal IP's in one chain, can I allow a few of those IP's through in the next chain? Meaning, will the next chain countermand the previous chain?
I need to block certain people, but not others from telnet and www.
Thanks
J
|
|
|
06-07-2004, 07:36 AM
|
#10 (permalink)
|
|
Junior Member
Join Date: 06-03-04
Location: South Africa
Posts: 3
Latest Blog: None
|
QT_ thanks for the info, but once I rebooted the server I lost all the IP addresses that I blocked, help please?
|
|
|
03-09-2009, 09:48 PM
|
#11 (permalink)
|
|
Contributing Member
Join Date: 03-09-09
Location: Tempe, AZ
Posts: 63
|
I'd just like to add a few things.
When your server reboots, iptables is flushed. So you may want to do the following. To back up your iptables:
/sbin/iptables-save -c > /iptables-backup.txt
Then, to restore after server reboot:
/sbin/iptables-restore -c < /iptables-backup.txt
You can add the restore line to your rc.local script to automate it.
|
|
|
03-10-2009, 02:04 AM
|
#12 (permalink)
|
|
Contributing Member
Join Date: 11-27-07
Posts: 1,217
Latest Blog: None
|
Do you think that would be actual for the more than 4 year old thread?
|
|
|
|
All times are GMT -7. The time now is 01:47 AM.
© Copyright 2008 V7 Inc Powered by vBulletin Copyright © 2000-2009 Jelsoft Enterprises Limited.
|
|