Why Block an IP Address on Linux Server?

In 2025, your Linux server is a magnet for abusers such as bots, spammers, or worse. Blocking an IP address with iptables answers the need to define a secure boundary against intruders.

Here are the main reasons why you would ever need to block an IP addresses:

  • Disarm Spammers: Spammers flooding your blog’s comments surely deserve a harsh block.
  • Halt Bot Attacks: Bots flooding your server with requests needs to be dealt with immediately.
  • User Experience: IPs (abusers) that are harassing your readers/visitors cannot be tolerated.
  • Stop DDoS Attack: A flood of malicious traffic from one IP, (DDoS), deserves instant block.

Blocking and IP address is not as daunting as it sounds. With just a few commands, you’ll block IP and get back to your operations with a piece of mind.

You’ll only need a root access, so log into your server (via console or secure connection), and let’s walk you through the commands you’ll use to block an IP address.

Read Also: What is IP Transit? Service and Pricing Guide

An infographic reading "IPTABLES in Linux" and showing the basic structural functionality of iptables.

How to Install iptables in Ubuntu?

Most Ubuntu versions come with iptables pre-installed, but if it’s missing or you’re setting up a fresh server, that command will get it installed:

sudo apt-get install iptables

How to Block IP Addresses, IP Range & Subnet

So, if you’re ready to deal with the troublemakers off your Linux server, we are going to introduce how iptables firewall work and how to block IP addresses immediately.

We’ll guide you through the commands to link and block a specific IP, an IP range, or a complete subnet on your Ubuntu system assuming you’re logged in with root access. Let’s get to it!

Blocking Specific IP Address:

If you have a single IP address causing you trouble, like a abusive spammer, the following command will permanently block their IP address:

iptables -A INPUT -s [IP] -j DROP

Just replace [IP] with the target address (e.g., 192.168.1.100).

Blocking Specific IP Range:

Sometimes, multiple IP addresses, like a botnet, may try to output malicious traffic to mess your server.

So, the following iptables command blocks them all at once:

iptables -A INPUT -m iprange --src-range [START]-[END] -j DROP

Swap [START] and [END] with the range endpoints (e.g., 192.168.1.100-192.168.1.200):

Blocking Complete Subnet:

When you have to deal with a complete subnet, for instance a rogue network flooding your website, the following command can easily block them all at once:

iptables -A INPUT -m iprange --src-range [START]-[END] -j DROP

Just replace [SUBNET ADDRESS] with the subnet and verify eth1 matches your interface.

Blocking an Interface Connection:

If you’re wondering how to block a connection through a specific interface use the following command:

iptables -A INPUT -i [Interface Name] -s [IP] -j DROP

Feel free to include a “+” sign to the end of the interface name, so you can block any interface with a name that begins with the characters you’ve inserted.

How to Block a Specific Port?

As a webmaster, blocking one IP address or an IP range may not resolve all your issues and sometimes you need to shut down a specific port. This may be especially helpful when a spam bot is sneaking to your mail server on a specific port, or an abusive script is causing you trouble.

In 2025, with servers under constant cyber attacks, iptables firewall allows you safeguard your ports, locking out connections to any specific one.

Use the following command to block a connection on a specific port:

iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP

This command prompts iptables to drop all TCP traffic from the specified IP affecting port 25. The -p tcp flag targets TCP protocol (swap for udp if needed), and -j DROP ensures the packets would vanish.

Make sure to run this with root access via your server’s router console to block the port forwarding.

A decorative image showing an interconnected globe.

How to Block Specific Country or Region

By mapping IP addresses to geographic locations, you can filter out unwanted visitors while keeping your Linux operating system secure.

Let’s explore using GeoIP with iptables, installing its modules, setting country-specific rules, and weighing performance impacts.

Using GeoIP Databases with iptables

GeoIP databases link IP addresses to countries, enabling iptables to block traffic by specific regions. The Firewall uses the xt_geoip module to match these locations, perfect for targeting bot countries.

iptables -m geoip --src-cc [COUNTRY_CODE] -j DROP

Example Country Blocking Rules

Block traffic from specific countries (e.g., China, CN) or allow only one (e.g., US) with these rules.

Replace country codes as needed for your system’s needs.

iptables -I INPUT -m geoip --src-cc CN -j DROP
iptables -I INPUT -m geoip ! --src-cc US -j DROP

How to View Blocked IP Addresses

If you’ve been restricting IP addresses, ranges and subnets, and now you’re wondering how to check the list of all abusers, use iptables firewall or UFW status to peek at your blocklist.

Whether you’re troubleshooting or just curious to explore blocked IP addresses, run either of the following commands to inspect the blocklist:

iptables -L -v
/sbin/iptables -L INPUT -v
sudo ufw status

The -L flag lists all rules, while -v adds details like packet counts and source IP addresses. For example, iptables -L -v shows every IP you have blocked with a DROP rule. The second command, is mainly used to focus on incoming traffic rules if your setup is quite complex.

How to Search for a Blocked Address

If you need to search for specific IP you’ve blocked in the past, iptables allows you search through the blocklist easily. So, the following syntax can help you confirm if an IP’s blocked out, saving you from scrolling through the endless rules:

iptables -L INPUT -v -n | grep [IP]

Just, replace [IP] with the address you’re checking (e.g., 192.168.1.100).

How to Remove Blocked IP Addresses

Sometimes you may need to unblock a specific IP address to restore its output flow, especially when it was blocked by mistake. Luckily, iptables on Ubuntu allows you to undo your blocks as easily as you set them. Whether you’re clearing a specific IP or tweaking the blocklist, a few commands can make it easy.

To remove a blocked IP, first check your blocklist with line numbers, delete the specific rule, and verify the change. Then, run these commands in order, replacing [LINE] with the rule’s line number (e.g., 3):

iptables -L INPUT -n --line-numbers
iptables -D INPUT [LINE]
iptables -L INPUT -v -n

If you know the exact IP to unblock (e.g., 1.2.3.4), this single command does the trick:

iptables -D INPUT -s 1.2.3.4 -j DROP

Also, if you want to log dropped packets for insights, this command logs attempts from an IP or subnet, replacing [IP/SUBNET] with the target (e.g., 192.168.1.0/24) and verifying eth1 matches your interface:

iptables -i eth1 -A INPUT -s [IP/SUBNET] -j LOG –log-prefix “IP DROP SPOOF A:”

How to Save Changes to Blocklist

When you’re ready with dealing with abusers, unblocking or making other tweaks, you need to save the changes you’ve made to your iptables firewall rules on CentOS, RHEL, or Fedora.

Use the following command to save all changes:

iptables save

This command saves all your iptables rules to the configuration system, keeping network infrastructure secure. Run it with root access in your terminal, and you’re set.

A decorative image showing a virtual wall surrounding a computer.

Additional Commands To Block An IP Addresses:

Now that you’ve got the basics of IP blocking with iptables firewall, sometimes you need to tighten the security measures even further.

The core commands are a solid start, but with bots and hackers getting smarter, you’ll want a few extra commands ready to shut down any IP address causing you trouble.

Block Outgoing Data (OUTPUT)

If you want to prevent data leaks outgoing from your server, the following command stops outgoing traffic connections from a specific IP instantly:

iptables -A OUTPUT -s [IP] -j DROP

Block Forwarded Data (FORWARD)

If an IP is using your server as a pass-through for malicious flow, the following command is perfect against proxy abusers:

iptables -A FORWARD -s [IP] -j DROP

Block TCP Connections (TCP)

When a spammer is abusing a specific service, like your mail port, this iptables command cuts their TCP connection in seconds:

iptables -A INPUT -p tcp -s [IP] -j DROP

Block Port Probing (ICMP)

Any hackers pinging your server to locate weaknesses, can be neutralized immediately, by using this iptables command to blocks their ICMP probes:

iptables -A INPUT -p icmp -s [IP] -j DROP

With these commands in your toolkit, you’re ready to safeguard your local network, from spammers to snoopers, keeping your server untouchable.

How to Build Your iptables Block List?

Now that you know how to deal with abusive IP addresses, it’s time to build your blacklist to keep your Linux server safe from the digital threats.

With iptables, you can start fresh, lock down your server, and block troublemakers with precision. The process involves clearing old rules, setting strict defaults, and adding your blocks. Here’s how to build a block list, assuming you’re logged in with root access on your server’s terminal:

Flush Old Rules

Before you start, wipe out any outdated or default rules cluttering your setup. The following command resets iptables to a clean slate, ready for your custom list.

iptables -F

Set Chain Policies

Now, enhance your server by setting strict default policies to drop all flow unless you say otherwise. These commands lock down incoming, forwarded, and outgoing connections by default.

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

IP Blocking Rules

With the slate clean and defaults values, it’s time to add your specific blocks. Use the IP blocking commands from earlier sections to target spammers, bots, or other nuisances.

iptables -A INPUT -s [IP] -j DROP

Your block list is now live, turning your server into a no-go zone for unwanted IPs. Tweak as needed to keep your network infrastructure secure and running.

An image reading "Firewall with UFW on Ubunto"

Simplifying Security with Uncomplicated Firewall (UFW)

If iptables firewall seems too manual work for you, meet the Uncomplicated Firewall (UFW), which is your Linux operating system best friend against cyber threats.

In 2025, with spammers and bots getting smarter, UFW simplifies blocking IP addresses or tweaking ports on Ubuntu or Debian operating systems.

Here are some examples to consider:

Block an IP Address via UFW

If you need to prevent bot from entering your server via UFW, the following command blocks all data flow from a specific IP address, similarly as iptables rules:

sudo ufw deny from [IP]

Allowing Server Port via UFW

If you want to keep your SSH port open for legit users only using UFW, the following command allows network load to a chosen port, like 22 for SSH, without exposing others.

sudo ufw allow [PORT]/tcp

Blocking a Server Port via UFW

If you have a spammer clogging your mail port, the following command for UFW shuts down packets flow to a server port, from any source, so use the following syntax:

sudo ufw deny [PORT]/tcp

These UFW commands make securing your server easy, so it’s good to have a grasp of how they work.

A decorative image showing ping responses from the Windows's Command Prompt (CMD).

Read Also: What Is IP Restriction and How Does It Work?

Block IP Addresses iptables – FAQ

Will my iptables rules survive a system reboot?
No, unless you save them with (iptables-save) on CentOS, RHEL, or Fedora to verify your rules are saved post server reboot.

How can I block all IPs except a whitelist?
Set a default DROP policy (iptables -P INPUT DROP) and allow IP addresses with iptables -A INPUT -s [IP] -j ACCEPT.

What’s the difference between DROP and REJECT targets?
DROP silently discards IP address forwarding traffic, while REJECT sends an error response, potentially alerting the sender.

How do I block an entire country?
Use GeoIP modules with iptables to block country-related IP addresses ranges, requiring additional setup like xt_geoip.

Can iptables block DDoS attacks effectively?
Iptables can mitigate small DDoS attacks by IP blocking or limiting connections, but large attacks need advanced tools.

How do I see which IPs are currently blocked?
Run iptables -L -v to view all blocked IP addresses and rules in your iptables configuration.

Is there a limit to how many IPs I can block?
There’s no strict limit, but too many rules can slow your server, so optimize with ranges or subnets.

How do iptables and Docker interact?
Docker manages its own iptables rules, which can conflict; use Docker’s –iptables=false flag for manual control.

Should I use iptables or nftables on new systems?
nftables is the newer, more flexible choice for modern systems, but iptables is still reliable for existing setups.

ServerMania’s IP Transit Leasing service offers a smart way to keep abusers away! Talk to an expert now and get started today.