Monday, January 8, 2018

How to Block IPs in linux server.


If you wish to block an IP address from accessing your server for some reason, you can do this by changing the Iptables rules. Follow the steps given below to perform this task successfully.

Step 1: Login as root user

Login to your server as root user
ssh root@server-ip

Step 2: Add new Iptables rule

Enter the following rule to block an IP address from accessing your server
iptables -A INPUT -s IP-ADDRESS -j DROP
Replace IP-ADDRESS with the actual IP address that you want to block completely. The above rule will drop all packets coming from that particular IP to all server ports.

Aternate option – Block access to a specific port

To block server access from an IP address only on a specific port on the server, the following syntax must be used
iptables -A INPUT -s IP-ADDRESS -p tcp --destination-port port_number -j DROP
Replace the port_number with the actual one that you want to block access to.

Step 3: Saving Iptables rule

On Ubuntu:
By default Iptables rules will be wiped out once the server is restarted. To save the Iptabels rules permanently, the settings can be saved in a few different ways, but the easiest way is with the “iptables-persistent” package. This can be download from Ubuntu’s default repositories:
sudo apt-get update

sudo apt-get install iptables-persistent
Save your firewall rules with this command:
sudo invoke-rc.d iptables-persistent save
On CentOS/RHEL/Fedora:
Save your iptables rules with this command:
service iptables save

To revoke the drop rule:

To revert the rule and to allow the IP address to access the server run the following command
For all ports:
iptables -D INPUT -s IP-ADDRESS -j DROP
For specific port:
iptables -D INPUT -s IP-ADDRESS -p tcp --destination-port port_number -j DROP
Then save the changes using the commands mentioned previously.

No comments:

Post a Comment

Installation FreeRADIUS and Daloradius on CentOS 7 and RHEL 7

SELINUX Setting:- Before installations, I recommend turning off SELinux or setting it in permissive mode:- [root@radius ~]# setenforce ...

Popular Posts