Firewall – How Do I Block an IP Address on My Linux server?

Posted by Jiltin     12 June, 2009    1,279 views   

firewall_diagram.jpg What is iptable? Iptables is a generic table structure that defines rules and commands as part of the netfilter framework that facilitates Network Address Translation (NAT), packet filtering, and packet mangling in the Linux 2.4 and later operating systems. NAT is the process of converting an Internet Protocol address (IP address) into another IP address. Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. Packet mangling is the ability to alter or modify packets before and/or after routing.

Iptables and netfilter are the successor to ipchains and ipfwadm in earlier versions of Linux. Netfilter and iptables are often combined into the single expression netfilter /iptables, which refers to the Linux 2.4 and later subsystems for NAT, firewall, and advanced packet processing.

How do I block an IP address or subnet under Linux operating system?

In order to block an IP on your Linux server you need to use iptables tools (administration tool for IPv4 packet filtering and NAT) and netfilter firewall. First you need to log into shell as root user. To block IP address you need to type iptables command as follows:
Syntax to block an IP address under Linux

iptables -A INPUT -s IP-ADDRESS -j DROP

Replace IP-ADDRESS with actual IP address. For example if you wish to block ip address 65.55.44.100 for whatever reason then type command as follows:

# iptables -A INPUT -s 65.55.44.100 -j DROP

If you have IP tables firewall script, add above rule to your script.

If you just want to block access to one port from an ip 65.55.44.100 to port 25 then type command:
# iptables -A INPUT -s 65.55.44.100 -p tcp –destination-port 25 -j DROP
The above rule will drop all packets coming from IP 65.55.44.100 to port mail server port 25.

You can also create Security Shell Script to block the ips: Create /root/iptables/blocked.ips file as follows with list of ips and subnets to block entering your dedicated server.

#!/bin/bash
# Simple iptables IP/subnet block script
# ————————————————————————-
# This script is licensed under GNU GPL version 2.0 or above
# ————————————————————————-
# Visit http://bash.cyberciti.biz/ for more information.
# ———————————————————————-
IPT=/sbin/iptables
SPAMLIST=”spamlist”
SPAMDROPMSG=”SPAM LIST DROP”
BADIPS=$(egrep -v -E “^#’^$” /root/iptables/blocked.ips)

# create a new iptables list
$IPT -N $SPAMLIST

for ipblock in $BADIPS
do
$IPT -A $SPAMLIST -s $ipblock -j LOG –log-prefix “$SPAMDROPMSG”
$IPT -A $SPAMLIST -s $ipblock -j DROP
done

$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST

Or a more simple way

Take a look at your log file (/var/log/secure for Fedora Core 4) and you will discover numerous automated ssh hacking attempts using dictionary attack. So now you have identified the offending addresses. How do you stop them?

Here comes the magic mantra which uses iptables (packet) firewall:

iptables -A INPUT -s a.b.c.d -j DROP

Replace a.b.c.d with the offending IP address. Repeat this for each of the offending IP addresses.

Following Google Searches Lead To This Post: oracle 10g + fedora 11 64

Post to Twitter  Post to Delicious  Post to Digg    Post to StumbleUpon

Categories : Scripts Unix, Web & Scripts Tags :

Comments

No comments yet.


Leave a comment

(required)

(required)