Sunday, 18 March 2007

Linux: How to use iptables in order to deny access to speciffic IP's

Eventually I had to deal with that as well. Somebody trying to start DOS attacks on my site. Asking the experts revealed th at the safest way to deal such cases is to use iptables. The command works on the kernel level for any kind of access to your entire web space. To get things started let's suppose that the offending IP address is 192.167.250.1. To block out this address completely enter the following as root.

iptables -A INPUT -s 192.167.250.1 -j DROP

Naturally attacks do not come from just one IP. Their usual sources are entire ISP address blocks so it is much better to block out the entire IP range. The correct syntax for this command is :

iptables -A INPUT -s 192.167.250.0/24 -j DROP

Listing all active iptables rules is performed by the following command.

iptables -L

I will update this post with more info as soon as I 've learned more. For the moment here is a link for more info on the subject

1 comment :

Apostolos P. Tsompanopoulos said...

You can also create a script or an alias to automate it like this:

alias block_ip='sudo iptables -A INPUT -j DROP -s '

and use it as:

block_ip NNN.NNN.NNN.NNN