Block IP Addresses With IPtables
We wrote about blocking particular IP addresses with the route command here. If you are already using iptables, or want to start, a better way is to block particular hosts with a rule like this:
iptables -I INPUT -s 25.55.55.55 -j DROP
This command drops every packet arriving from the address 25.55.55.55. To list the rules in each chain:
iptables -L -n
. . .
DROP       all  --  25.55.55.55          0.0.0.0/0
DROP       all  --  202.55.56.55         0.0.0.0/0
. . .
The -n option prints numeric IP addresses rather than resolving them to names. This is useful if you have a lot of IP addresses: it can take a long time to resolve all of them, particularly since they are probably funky. After all, you have blocked them for some reason. If you need to investigate with names, just use the command without -n:
iptables -L
. . .
DROP       all  --  55.55.55.25.i.portscan.com  anywhere
DROP       all  --  55.56.55.202.many.fetch.api.request.com  anywhere
. . .
If you later decide that you don't want to drop packets from a particular host, use the -D option instead of -I:
iptables -D INPUT -s 25.55.55.55 -j DROP
