LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-05-2016, 02:40 AM   #1
blackcats
LQ Newbie
 
Registered: Sep 2016
Posts: 2

Rep: Reputation: Disabled
How do I permanently block a remote IP address in Linux ?


How do I permanently block a remote IP address?

I have been using a network traffic monitor to look at some suspicious network activity and I found an IP from an entry.
I ran a WHOIS on the IP address and it shows a system administrator from Mumbai, India: 1.187.0.0

I live in the USA and I don't use any softwares, services, or programs from India.
I don't know anybody in India, and I don't go to Indian websites.
Therefore, I am OK with doing an IP block of the entire country of India if somebody knows how.

But my main question is how do I block any IP address in My Linux OS ?

I really would like to do this because the number of processes logging in from the remote address is kind of high.
It seems to start whenever I run it.

I tried running GUFW, but it's too complicated for me. I don't understand the syntax of IPtables.
So should i make changes in the command line itself or either use any Content filter tools ?
 
Old 09-05-2016, 03:00 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,243

Rep: Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408Reputation: 1408
Learn iptables or install something like webmin which will give you a basic GUI access to iptables.
 
Old 09-05-2016, 03:48 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,879
Blog Entries: 3

Rep: Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064Reputation: 3064
Quote:
Originally Posted by blackcats View Post
I tried running GUFW, but it's too complicated for me. I don't understand the syntax of IPtables.
So should i make changes in the command line itself or either use any Content filter tools ?
Dealing with the complexity of GUFW would be your most productive use of time, if your system has UFW on top of iptables. Otherwise you could work with the text interface for UFW, if your system has it.

Which distro are you on?
 
Old 09-05-2016, 05:26 AM   #4
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
UFW is a front end for iptables. GUFW is a gui for UFW. You can certainly use those and they are simpler than iptables itself. However, I personally think you would be better served by dealing with iptables itself. It is a little confusing at first, but the time spent learning the basics is well worth it. Since we don't know your setup, if you are on a lan, wireless or what, no one can tell you exactly what to do. Look at the man page for iptables. You will probably want to put a drop instruction in the INPUT chain. You may also want to change the default policies to DROP for INPUT and ACCEPT for OUTPUT. The man page will tell you how to do all those things.
 
Old 09-05-2016, 11:39 AM   #5
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 5,844

Rep: Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162Reputation: 2162
I find the iptables documentation pretty obscure, but these pages may help
http://www.cyberciti.biz/faq/how-do-...-linux-server/
http://www.cyberciti.biz/tips/how-do...ll-routes.html

I wouldn't block everything from India: you don't know where the things you use may be hosted, or the route over which data may travel.
 
Old 09-05-2016, 12:16 PM   #6
agillator
Member
 
Registered: Aug 2016
Distribution: Mint 19.1
Posts: 419

Rep: Reputation: Disabled
I have everything from India blocked and have no problem. That doesn't mean someone else wouldn't, of course.
 
Old 09-05-2016, 02:45 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,185

Rep: Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438Reputation: 3438
Might peek at Firewall Builder as it can create a pretty good table with minimal stress.

http://www.fwbuilder.org/

Might consider downloading, or building a white list too.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Happy with W7 or W 8.1?….How to permanently block Microsoft’s sneaky Windows 10 “upgrade” beachboy2 General 2 07-27-2016 11:35 AM
Help needed to permanently block access to my email server from japan Usalabs Linux - Server 5 10-31-2010 12:27 AM
How to block a website PERMANENTLY ? TheIndependentAquarius General 89 08-27-2010 11:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration