Code:
iptables -A INPUT-s IPADDRESS HERE -p tcp -j DROP
If you are dropping an IP address you most likely want to drop everything, the above rule will only drop tcp packets. UDP/ICMP etc will still get through.
Quote:
However, in general it is a MUCH better approach to drop all IP addresses and then adjust the firewall to only allow the traffic you want.
|
This is usually not an option for a publicly facing server, This is where
fail2ban comes into play, fail2ban monitors logs and dynamically creates iptables rules based on certain conditions, $x number of connection attempts per minute, etc.
Quote:
Just curious to know absence of nic card does not make any difference?
|
One would only need to match by interface if the box was acting as a router with multiple interfaces.
But if you want to drop everything from a particular IP address, you want to do it regardless of the interface, in the interests of keeping rules simple there is no need to use unnecessary matches, which only adds confusion.
As Mayur Pipaliya suggested.
Code:
iptables -A INPUT -s 1.1.1.1 -j DROP
Will drop any packets coming INTO the firewall, from anywhere, on any interface where the packet has a source IP address of 1.1.1.1.