

How to block an IP address in IPTables in Linux


If you are responsible for a Linux server, security becomes a big concern. Some of the biggest threats to a server's security are DDoS attacks and repeated attempts to enter the server using automated bots. There are a number of ways to detect the IP address of a potential intruder. But what do you do after you have located the IP address? Well, you block it. Here's how you do it using IPTables, which is the firewall that ships with most flavors of Linux.

If you have just one IP address that you want to block you can use the following method:

# iptables -I INPUT -s 122.174.12.228 -j DROP

This command inserts a rule at the top of the INPUT chain of the running iptables ruleset, instructing it to drop any packets that come from the IP 122.174.12.228. If you face numerous attacks you are better off using a slightly more automated method to add the IPs from your ban list. To do that, create the following script:

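#!/bin/sh
# Insert a DROP rule for every address listed in banned_IPs.cfg (one per line).
# -i eth1 limits the rule to packets arriving on eth1; adjust to your interface.
# A read loop is used because $(< file) is a bash feature, not plain /bin/sh.
while read -r i; do
    [ -n "$i" ] || continue    # skip blank lines
    iptables -I INPUT -i eth1 -s "$i" -j DROP
done < banned_IPs.cfg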

Save the script into a file named something like banned_IPs.sh and grant it executable privileges:

# chmod +x banned_IPs.sh

Now create a file called banned_IPs.cfg and enter the list of IP addresses you want to block, each on a new line:


122.174.12.228
129.122.10.23
111.154.84.130

Now run the script banned_IPs.sh to have the IP addresses you want blocked added to the list of banned IPs in iptables:

# ./banned_IPs.sh
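
A more defensive variant of the loop above, as an added example that is not part of the original post: it validates each line of the list as an IPv4 address, skips comments, blanks and duplicates, and only inserts a rule that `iptables -C` reports as not already loaded, so the script can be re-run safely. The names `is_ipv4`, `valid_bans`, `apply_bans`, `DRY_RUN` and `IFACE`, and the treatment of `#` lines as comments, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: is_ipv4,
# valid_bans, apply_bans, DRY_RUN, IFACE. List format: banned_IPs.cfg above.
IFACE="${IFACE:-eth1}"   # interface used by the original script

# Succeed only for a dotted quad with four octets in 0..255 and no leading
# zeros (some parsers read "010" as octal). Rejects CRLF debris, shell
# metacharacters and anything else that is not digits and dots.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print each valid address from list file $1 once; report rejects on stderr.
valid_bans() {
    seen=" "
    while read -r ip rest || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac      # blank line or comment
        if [ -n "$rest" ] || ! is_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip $rest" >&2
            continue
        fi
        case "$seen" in *" $ip "*) continue ;; esac  # duplicate in the list
        seen="$seen$ip "
        echo "$ip"
    done < "$1"
}

# Insert one DROP rule per address unless iptables -C finds it already loaded.
# With DRY_RUN set, print the commands instead of running them.
apply_bans() {
    valid_bans "$1" | while read -r ip; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "iptables -I INPUT -i $IFACE -s $ip -j DROP"
        elif ! iptables -C INPUT -i "$IFACE" -s "$ip" -j DROP 2>/dev/null; then
            iptables -I INPUT -i "$IFACE" -s "$ip" -j DROP
        fi
    done
}

# Run as: DRY_RUN=1 ./script banned_IPs.cfg
if [ "$#" -gt 0 ]; then apply_bans "$1"; fi
```

Running it once with DRY_RUN=1 shows exactly which rules would be inserted and which list entries were rejected before anything touches the firewall.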

Posted in Linux, Security.


One Response


  1. Teixeira says

    Simple, clear and efficient.
    Btw, is there any nice black list website where we can sync the “banned_IPs.cfg” file daily for example? Should be nice….

    br,
    TT


