LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-26-2012, 07:30 AM   #1
onlymahendra7
LQ Newbie
 
Registered: May 2012
Posts: 3

Rep: Reputation: Disabled
How to block the ip addresses using iptables


How to block the ip addresses using iptables. Can any one tell me the rule to block specific ip address/addresses of more than one machine
.
 
Old 05-26-2012, 07:51 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
The rule to drop an IP address can be really simple:
Code:
iptables -A INPUT-s IPADDRESS HERE -p tcp  -j DROP
However, in general it is a MUCH better approach to drop all IP addresses and then adjust the firewall to only allow the traffic you want. Depending on what you're trying to do, dropping individual IP addresses might not be the best approach.
 
Old 05-26-2012, 09:22 PM   #3
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
Hangdog42,

No interface (--i ethx) is mentioned in the rule. Just curious to know absence of nic card does not make any difference?. It will grate help if you can explain what will happen in both cases. Means if nic card is listed an NOT listed in rule.

Thanks in advance
 
Old 05-26-2012, 09:44 PM   #4
Mayur Pipaliya
LQ Newbie
 
Registered: May 2012
Location: India
Distribution: Mainly CentOS & BackTrack. Was using Ubuntu,Fedora,RHEL and SLAX :-|
Posts: 3

Rep: Reputation: Disabled
onlymahendra7,

Assume, you are root user & wanted to block IP Address: 123.123.123.123

^ To Block/Ban IP Address
# iptables -A INPUT -s 123.123.123.123 -j DROP
# service iptables save

^ If needed, restart iptables.
# service iptables restart

^ Check blocking worked or not!
# netstat -n | grep 123.123.123.123


PS: If you want to block whole range, use subnet parameter like 123.123.0.0/16 OR 123.123.0.0-123.123.255.255

Last edited by Mayur Pipaliya; 05-26-2012 at 09:51 PM. Reason: removed (s)
 
1 members found this post helpful.
Old 05-26-2012, 11:55 PM   #5
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 193Reputation: 193
Code:
iptables -A INPUT-s IPADDRESS HERE -p tcp  -j DROP
If you are dropping an IP address you most likely want to drop everything, the above rule will only drop tcp packets. UDP/ICMP etc will still get through.
Quote:
However, in general it is a MUCH better approach to drop all IP addresses and then adjust the firewall to only allow the traffic you want.
This is usually not an option for a publicly facing server, This is where fail2ban comes into play, fail2ban monitors logs and dynamically creates iptables rules based on certain conditions, $x number of connection attempts per minute, etc.
Quote:
Just curious to know absence of nic card does not make any difference?
One would only need to match by interface if the box was acting as a router with multiple interfaces.

But if you want to drop everything from a particular IP address, you want to do it regardless of the interface, in the interests of keeping rules simple there is no need to use unnecessary matches, which only adds confusion.
As Mayur Pipaliya suggested.
Code:
iptables -A INPUT -s 1.1.1.1 -j DROP
Will drop any packets coming INTO the firewall, from anywhere, on any interface where the packet has a source IP address of 1.1.1.1.

Last edited by fukawi1; 05-27-2012 at 12:03 AM.
 
1 members found this post helpful.
Old 05-27-2012, 10:57 AM   #6
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 347

Rep: Reputation: 34
fukawi1,

Awesome!,
Thanks for nice explanation
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Block ALL IP addresses only allow 3 IP addresses on port 80/443 yelluc Linux - Security 8 03-28-2012 04:20 AM
Using some application to block IP addresses rytec Linux - Server 7 02-18-2011 01:19 AM
[SOLVED] ipTables rule to block a port for all internal IP Addresses except one pranaysharmadelhi Linux - Security 8 07-08-2009 07:57 AM
scan a block of addresses fentonc2003 Linux - Networking 1 11-21-2006 04:33 AM
block specific ip addresses paperdiesel Linux - Security 3 07-21-2004 11:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:30 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration