Iptables – Block IPs

If you have gone through your logs, you will most likely find a lot of login attempts on the SSH port, and probably some on the Apache service. Once you have identified these IPs, here is how to block them from entering your system.

What we will actually do is drop all requests from their IPs, without even replying that they are blocked. There are a few reasons for this. First, they waste time, because their system waits for a timeout to happen. Second, they can no longer see that there is anything on your IP. The other option is to reject their requests instead of dropping them. A reject tells the connecting system that it is being rejected, so it does not have to wait for a timeout, and it knows your system is on that IP. Those are the reasons why I drop instead of reject.

After going through our logs we find that the IP: 122.225.103.69 needs to be blocked.
We issue the following command as root or with sudo:
iptables -I INPUT -s 122.225.103.69 -j DROP

The -I means Insert a rule at the top of the chain (the INPUT chain in this case)
The -s is the source address we want to block
The -j means Jump to target (our target is DROP)

Now this IP can no longer access any port or service on your system. Then you discover that you typed in the wrong IP: you wanted to block 122.225.103.84 instead of the IP you just blocked. You will then need to remove the block. This can be done in a few different ways, but the cleanest way is to remove the rule from the iptables config. Here is how:

iptables -L INPUT -n --line-numbers | grep 122.225.103.69
This returns the matching rule, with its line number at the very beginning of the output. Let's pretend you have a lot of IPs in your config, and the IP you want to unblock is on line number 155. You then run:
iptables -D INPUT 155
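
An added example, not part of the original article: the grep above matches the address anywhere on the line (a lookup for 122.225.103.6 would also hit 122.225.103.69, and a destination column counts too), so this script compares the source column exactly and lists rule numbers highest first. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): find the rule numbers of
# DROP rules for one exact source IP in `iptables -L INPUT -n --line-numbers`.

# Constructed sample listing; on a live system pipe the real command instead.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  122.225.103.6        0.0.0.0/0
2    DROP       all  --  122.225.103.69       0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       all  --  122.225.103.69       0.0.0.0/0
5    DROP       all  --  10.0.0.7             122.225.103.69'

# Reads a listing on stdin and prints the numbers of DROP rules whose source
# column equals $1 exactly. Highest number first: deleting rule N renumbers
# every rule after it, so deleting from the bottom up keeps the rest valid.
rule_numbers_for_source() {
    awk -v ip="$1" 'NR > 2 && $2 == "DROP" && $5 == ip { print $1 }' | sort -rn
}

# Prints (does not run) one delete command per matching rule, for review.
delete_commands() {
    rule_numbers_for_source "$1" | while read -r n; do
        printf 'iptables -D INPUT %s\n' "$n"
    done
}

# Demo on the constructed sample: rules 4 and 2 match, rules 1 and 5 do not.
printf '%s\n' "$SAMPLE_LISTING" | delete_commands 122.225.103.69
```

On a live system, pipe `iptables -L INPUT -n --line-numbers` into `delete_commands` and review the output before running it. `iptables -D INPUT -s 122.225.103.69 -j DROP` also removes a rule by its specification, without needing a line number.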

You can now go ahead and block the other IP you wanted to block instead of the first one. If you need to know how to save your iptables config, check this article.

Happy blocking!
