How to block an IP/netblock using iptables

To block IPs in Linux you use a program called iptables that should already be installed on your server. To issue the necessary commands you will need to log in to your server via SSH as the root user.

Adding Temporary Rules:
To make only temporary rules that will not survive a reboot you can do the following steps. Once the rules are set up correctly they can be made permanent.
Step 1) Determine which IPs need to be blocked from accessing your server.
Step 2a) To block a single IP issue the following command at the command prompt, replacing IP_ADDRESS with the address to block:
iptables -I INPUT -s IP_ADDRESS -j DROP
Step 2b) To block a range of IPs issue the following command at the command prompt. This will block all IPs starting at START_IP and incrementing by one until it reaches and includes END_IP. (The -s option on its own does not understand ranges; the iprange match does.)
iptables -I INPUT -m iprange --src-range START_IP-END_IP -j DROP
Step 2c) To block a netblock of IPs issue the following command at the command prompt. This will block all IPs that fall into the subnet obtained by applying NETMASK to NETBLOCK (the mask can be given either as a prefix length such as 24 or in dotted form such as 255.255.255.0).
iptables -I INPUT -s NETBLOCK/NETMASK -j DROP
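The three forms above, wrapped in a small POSIX sh helper as an added example (this is not code from the original article): it validates the address, range or netblock before it ever reaches iptables, builds the matching rule, and only inserts it if an identical rule is not already in the chain. The function names are my own choice; it assumes it is run as root on a host with iptables and the iprange match available.

```shell
#!/bin/sh
# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# build_block_rule TARGET: print the arguments that follow "iptables" for
#   192.0.2.7            single address        -> -s
#   192.0.2.7-192.0.2.9  inclusive range       -> -m iprange --src-range
#   192.0.2.0/24         netblock in CIDR form -> -s with a /prefix
# Fails (exit 1, prints nothing) on anything that does not parse, so a typo
# never turns into a rule that silently matches nothing or far too much.
build_block_rule() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1#*/}
             valid_ipv4 "$addr" || return 1
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1
             echo "-I INPUT -s $1 -j DROP" ;;
        *-*) valid_ipv4 "${1%-*}" && valid_ipv4 "${1#*-}" || return 1
             echo "-I INPUT -m iprange --src-range $1 -j DROP" ;;
        *)   valid_ipv4 "$1" || return 1
             echo "-I INPUT -s $1 -j DROP" ;;
    esac
}

# block_target TARGET: insert the DROP rule unless an identical one exists.
# "iptables -C" exits 0 when the rule is already present, so running this
# twice for the same target never stacks duplicate rules in INPUT.
block_target() {
    rule=$(build_block_rule "$1") || { echo "refusing to block '$1'" >&2; return 1; }
    # ${rule#-I} strips the leading -I; word splitting of $rule is intended
    iptables -C ${rule#-I} 2>/dev/null && return 0
    iptables $rule
}
```

Call it as `block_target 192.0.2.0/24` (sample netblock from the documentation range) and then save the configuration as described below.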

Removing Temporary Rules:
Step 1) At the command line type the following command to display the list of current rules:
iptables -L
Step 2) The previous command should have displayed "Chain INPUT" followed by a list of rules. The topmost rule is considered to be Rule 1. Count down to the rule you wish to remove and note its number. So the first rule is Rule 1, the second is Rule 2, etc. (Adding --line-numbers to the command above makes iptables print these numbers for you, which avoids miscounting and deleting the wrong rule.)
Step 3) Type in the following command, where RULE_NUMBER is the number of the rule you wish to delete:
iptables -D INPUT RULE_NUMBER

Making/Adding Permanent Rules:
The above rules will only last until your server is rebooted. There are two ways to make the rules permanent on a RHEL or CentOS based system. You can set up temporary rules as shown above and then save the current configuration when you are sure all the rules are correct. To do this you type in the following command, which will save the rules and make sure they are loaded at the next reboot:
iptables-save > /etc/sysconfig/iptables; chkconfig iptables on

The second method is to add the rules manually to the file /etc/sysconfig/iptables and then restart iptables. The rules themselves remain mostly unchanged as seen below. The only difference is that you do not call the iptables command. The lines must sit inside the *filter section of the file, before its COMMIT line; because -I inserts at the top of the chain, the rule takes effect ahead of any ACCEPT rules in the file regardless of where within the section you place it.
1a) To block a single IP add the following to /etc/sysconfig/iptables.
-I INPUT -s IP_ADDRESS -j DROP
1b) To block a range of IPs add the following to /etc/sysconfig/iptables.
-I INPUT -m iprange --src-range START_IP-END_IP -j DROP
1c) To block a netblock of IPs add the following to /etc/sysconfig/iptables.
-I INPUT -s NETBLOCK/NETMASK -j DROP
2) Restart iptables by issuing the following command:
service iptables restart
3) Ensure iptables runs at reboot:
chkconfig iptables on

Removing Permanent Rules:
1) Delete the rules from the file /etc/sysconfig/iptables
2) Restart iptables by issuing the following command:
service iptables restart