This tutorial will show you how to block an IP address from accessing your Linux machine using the built in firewall IPTables.
If you are responsible for a Linux server, security becomes a big concern. Some of the biggest threats to a server’s security are DDOS attacks and repeated attempts to enter the server using automates bots. There are a number of ways by which you can detect the IP address of a potential intruder. But what do you do after you have located his/her IP address? Well, you block it. Here’s how you do it using IPTables which is the firewall that ships with most flavors of Linux.
If you have just one IP address that you want to block from Linux you can use the following method:
# iptables -I INPUT -s 122.174.12.228 -j DROP
This command will add an entry into your iptables configuration file, instructing it to drop any packets that come from the IP 122.172.9.222. If you face numerous attacks you are better of using a slightly more automated method to add the IPs from your ban list. To do that create the following script:
#!/bin/sh
for i in $(< banned_IPs.cfg) ; do
iptables -I INPUT -i eth1 -s "$i" -j DROP
done
Save the script into a file named something like banned_IPs.sh and grant it executable privileges:
# chmod +x banned_IPs.sh
Now create a file called banned_IPs.cfg and enter the list of IP addressed you want to block, each in a new line:
122.174.12.228
129.122.10.23
111.154.84.130
Now run the script banned_IPs.sh to have the IP address(es) you want blocked added to the list of banned IPs in iptables:
# ./banned_IPs.sh
Simple, clear and efficient. Thank you for the perfect answer!