How to block an IP using iptables
As a webmaster, you’re eventually going to deal with an abusive user (or several). It’s more or less an inevitable hurdle to doing business online. Maybe they’re spamming your comments section, flooding your server with requests, or harassing your other readers. Either way, you want to get them gone before they cause you any more of a headache than they already have.
Don’t worry. Provided you understand how iptables works – it’s actually fairly easy to do.
We’ll walk you through the process of how to block an IP address, as well as a few of the commands you’re going to want to use.
Let’s get started. Your first step is to log in to your web server either through your control console or through a secure connection. Make sure you’ve got root access – you’re going to need it.
See Also: Linux Dedicated Server Hosting
How to block an IP address or IP range
We’ll start with a few of the basic commands.
First off, here’s how to prevent a specific IP Address from accessing your server with the iptables block ip command. Replace [IP] with the IP you actually want to block:
iptables -A INPUT -s [IP] -j DROP
If you’re looking to block a specific range of IP addresses, meanwhile; type in the following, replacing [START] and [END] with the endpoints of the range (via Chron):
iptables -A INPUT -m iprange –src-range [START]-[END] -j DROP
You can also block an entire subnet from accessing your website with
iptables -i eth1 -A INPUT -s [SUBNET ADDRESS] -j DROP
Blocking a connection on a specific interface
Now, let’s say you only want to block a connection through a specific interface. In that case, the command will be as follows:
iptables -A INPUT -i [Interface Name] -s [IP] -j DROP
You can add a + to the end of the interface name to block any interface whose name begins with the characters you’ve entered.
How to block a port
If you want to block a connection on a specific port, then you’ll use the following iptables block port command:
iptables -A INPUT -s 126.96.36.199 -p tcp –destination-port 25 -j DROP
Viewing IP Blocks
If at any time you want to view your list of blocked IP addresses, you can either use
iptables -L -v or /sbin/iptables -L INPUT -v
Removing IP Blocks
While viewing that list, you can delete specific entries using the iptables open port command or iptables allow port command. Use the following commands, in order:
iptables -L INPUT -n –line-numbersiptables -D INPUT [LINE]iptables -L INPUT -v -n
Of course, if you know which specific entry you want to be rid of, the following syntax will work just as well using the iptables drop ip command:
iptables -D INPUT -s 188.8.131.52 -j DROP
Assuming you want to log dropped address information, you can also turn on kernel logging with: iptables -i eth1 -A INPUT -s [IP/SUBNET] -j LOG –log-prefix “IP DROP SPOOF A:”
See Also: (Live Webinar) Meet ServerMania: Transform Your Server Hosting Experience
Searching Blocked IPs
Next up, you can search your blocked IP addresses with:
iptables -L INPUT -v -n | grep [IP]
Finally, in order to save the changes you’ve made to your iptables block list on CENTOS, RHEL, or Fedora, you’ll need to use the command service iptables save.
Additional Commands You Can Use To Block Traffic
The commands above form the basic framework of IP blocking within iptables, but they aren’t exactly comprehensive. If you really want to cut yourself off from an IP address, there are a few additional commands you’ll want to make yourself aware of. They are as follows:
- -OUTPUT: Prevents TCP connections with a server, and blocks outgoing traffic. Syntax is iptables -A OUTPUT -s [IP] -j DROP
- -FORWARD: Blocks all forwarding traffic. Syntax is iptables -A FORWARD -s [IP] -j DROP
- tcp: Like Output, blocks TCP connections. Syntax is iptables -A INPUT -p tcp -s [IP] -j DROP
- icmp: Blocks port probing. Syntax is -A INPUT -p icmp -s [IP] -j DROP
Building Your iptables Block List
Now that you’ve been primed on the basics of iptables, you can create your own blacklist following these commands:
1. First, flush out all the old default rules and existing rules with the flush command:
2. Next, change your default chain policy with the following set of commands:
iptables -P INPUT DROPiptables -P FORWARD DROPiptables -P OUTPUT DROP
3. Set up IP blocking as you see fit using the commands in the previous section.
A Few Extra Resources
We’ll leave off today’s piece with a few awesome tips, tricks, and words of advice regarding some of the stuff you can do with iptables. First off, if you’re looking for a script that will automate the banning of abusive IPs, Fail2Ban is an excellent choice.
Next, our knowledge base contains dozens of other tutorials to help you use your Linux server. Our article on securing a linux server is a great start. Continue browsing to learn more.