How do I permanently block a remote IP address in Linux ?
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How do I permanently block a remote IP address in Linux ?
How do I permanently block a remote IP address?
I have been using a network traffic monitor to look at some suspicious network activity and I found an IP from an entry.
I ran a WHOIS on the IP address and it shows a system administrator from Mumbai, India: 1.187.0.0
I live in the USA and I don't use any softwares, services, or programs from India.
I don't know anybody in India, and I don't go to Indian websites.
Therefore, I am OK with doing an IP block of the entire country of India if somebody knows how.
But my main question is how do I block any IP address in My Linux OS ?
I really would like to do this because the number of processes logging in from the remote address is kind of high.
It seems to start whenever I run it.
I tried running GUFW, but it's too complicated for me. I don't understand the syntax of IPtables.
So should i make changes in the command line itself or either use any Content filter tools ?
I tried running GUFW, but it's too complicated for me. I don't understand the syntax of IPtables.
So should i make changes in the command line itself or either use any Content filter tools ?
Dealing with the complexity of GUFW would be your most productive use of time, if your system has UFW on top of iptables. Otherwise you could work with the text interface for UFW, if your system has it.
UFW is a front end for iptables. GUFW is a gui for UFW. You can certainly use those and they are simpler than iptables itself. However, I personally think you would be better served by dealing with iptables itself. It is a little confusing at first, but the time spent learning the basics is well worth it. Since we don't know your setup, if you are on a lan, wireless or what, no one can tell you exactly what to do. Look at the man page for iptables. You will probably want to put a drop instruction in the INPUT chain. You may also want to change the default policies to DROP for INPUT and ACCEPT for OUTPUT. The man page will tell you how to do all those things.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.