We have already discussed the basics of iptables on Linux and some common ways of using it to secure a Linux server.
With iptables you can block a particular IP address, or a range of addresses, from reaching your server. That lets you shut out addresses that show up in your secure log with suspicious activity, and in that way keep unwanted connections off the server.
To block an IP address, add a blocking rule to the INPUT chain of iptables. The iptables switches needed for this are:
-A : append a rule to the end of a chain
-s : the source IP address (or network in CIDR form) the rule matches
-j : jump to a target (DROP here, which silently discards the packet); the switch is lowercase, iptables options are case-sensitive
How do I block an IP address on my server?
You can block it with the switches above. See the examples below:
Syntax:
iptables -A INPUT -s IP-ADD -j DROP
Example:
iptables -A INPUT -s xx.xx.xx.xx -j DROP
Where xx.xx.xx.xx is the IP address you want to block. The rule takes effect immediately, but it lives only in the kernel; save the rule set so it survives a firewall restart or a reboot (this is the RHEL/CentOS command):
service iptables save
How can I block a particular port for a particular IP on my Linux server?
In some situations we have to block certain ports for a particular IP address only. This can also be managed from the command line with iptables.
Additional switches required:
-p : the protocol (tcp or udp)
--destination-port (short form --dport) : the destination port; it is only valid after -p tcp or -p udp, since other protocols have no port
Syntax:
iptables -A INPUT -s IP-ADD -p tcp --destination-port portnumber -j DROP
Example:
iptables -A INPUT -s xx.xx.xx.xx -p tcp --destination-port 25 -j DROP
This drops traffic from that particular IP address to TCP port 25 only; every other port stays reachable for it. Save with service iptables save as before.
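Putting the two blocking procedures above into one script, as an added example that is not from the original post: it validates the address before it reaches iptables, uses -C to skip rules that are already present (so running it twice does not leave duplicate DROP rules that each need their own -D later), and accepts an optional TCP port. The script, its function names, the IPTABLES and DRY_RUN variables and the 203.0.113.x / 198.51.100.x addresses are my own assumptions; it assumes iptables 1.4.11 or newer (for -C) and root privileges.

```shell
#!/bin/sh
# Added example, not part of the original post: block an IP (or a CIDR range),
# optionally on one TCP port only, without piling up duplicate rules.
# Assumptions: iptables 1.4.11 or newer (for -C), run as root. IPTABLES can be
# pointed at a wrapper; DRY_RUN=1 prints the rules instead of applying them.
IPTABLES="${IPTABLES:-iptables}"

# run ARGS...: call iptables, or print the command when DRY_RUN is set. In a
# dry run a -C check reports "not present" so the -A line gets printed.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        [ "$1" = "-C" ] && return 1
        echo "iptables $*"
        return 0
    fi
    "$IPTABLES" "$@"
}

# valid_ipv4 ADDR[/PREFIX]: succeed only for a dotted quad with octets 0-255
# and an optional /0-32 prefix. Hostnames, IPv6 and a stray "-j ACCEPT" pasted
# into the address are rejected before they reach iptables.
valid_ipv4() {
    v_addr="${1%%/*}"
    v_prefix="${1#*/}"
    [ "$v_prefix" = "$1" ] && v_prefix=32              # no "/" given: host address
    case "$v_prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v_prefix" -le 32 ] || return 1
    case "$v_addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    v_ifs="$IFS"; IFS=.
    set -- $v_addr                                      # split into octets
    IFS="$v_ifs"
    [ $# -eq 4 ] || return 1
    for v_octet in "$@"; do
        [ "$v_octet" -le 255 ] || return 1
    done
}

# block_ip ADDR [PORT]: append "-s ADDR -j DROP" (or "-s ADDR -p tcp --dport
# PORT -j DROP") to INPUT unless -C finds an identical rule already there.
# Plain -A would add another copy on every run, and each copy would later need
# its own -D. Returns 2 for bad input so callers can tell that apart from an
# iptables failure.
block_ip() {
    b_addr="$1"; b_port="${2:-}"
    valid_ipv4 "$b_addr" || { echo "refusing bad address: $b_addr" >&2; return 2; }
    if [ -n "$b_port" ]; then
        case "$b_port" in ''|*[!0-9]*) echo "bad port: $b_port" >&2; return 2 ;; esac
        if [ "$b_port" -lt 1 ] || [ "$b_port" -gt 65535 ]; then
            echo "bad port: $b_port" >&2; return 2
        fi
        set -- INPUT -s "$b_addr" -p tcp --dport "$b_port" -j DROP
    else
        set -- INPUT -s "$b_addr" -j DROP
    fi
    if run -C "$@" 2>/dev/null; then
        echo "already present: iptables -A $*"
        return 0
    fi
    run -A "$@"
}

# Usage: block.sh ADDR [PORT]      e.g.  DRY_RUN=1 sh block.sh 203.0.113.7 25
# After a real run, persist the rules as the post does (service iptables save
# on RHEL/CentOS), or they are gone at the next reboot.
if [ $# -gt 0 ]; then
    block_ip "$@"
fi
```

Run it once with DRY_RUN=1 to see the exact rule it would add; a second real run for the same address prints "already present" instead of appending a duplicate.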
How can I unblock an IP address from the block list?
You might expect to allow the address again by changing the target to ACCEPT (iptables -A INPUT -s IP-ADD -j ACCEPT). That does not work once the address is already blocked: -A appends the new rule to the end of the INPUT chain, iptables evaluates a chain from top to bottom and the first matching rule decides, so the earlier DROP rule still wins and the ACCEPT rule is never reached. (Inserting the ACCEPT rule at the top with -I INPUT instead of -A would work, but leaves a contradictory pair of rules in the chain.) The clean fix is to delete the DROP rule from the INPUT chain.
Switch to remove an iptables rule:
-D : Delete a rule
Syntax:
iptables -D INPUT -s IP-ADD -j DROP
Example:
iptables -D INPUT -s xx.xx.xx.xx -j DROP
service iptables save
The rule specification passed to -D has to match the existing rule exactly (same chain, source, protocol, port and target); otherwise iptables complains that no matching rule exists and nothing is deleted. If the same rule was appended more than once, each copy needs its own -D.
Alternate method – using the rule number
This is very useful when iptables has a lot of rules. In that case, list the chain with the --line-numbers switch to find the number of the rule, then remove that rule by number with the -D switch.
iptables command to list all rules with their rule numbers:
iptables -L -n --line-numbers
Example:
root@test [~]# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 acctboth all -- 0.0.0.0/0 0.0.0.0/0
2 DROP all -- xx.xx.xx.xx 0.0.0.0/0
3 DROP all -- xx.xx.xx.xx 0.0.0.0/0
4 DROP all -- xx.xx.xx.xx 0.0.0.0/0
5 DROP all -- xx.xx.xx.xx 0.0.0.0/0
6 DROP all -- xx.xx.xx.xx 0.0.0.0/0
7 DROP all -- xx.xx.xx.xx 0.0.0.0/0
8 DROP all -- xx.xx.xx.xx 0.0.0.0/0
To remove rule number 8 from the INPUT chain, give -D the chain name and the rule number:
Example:
iptables -D INPUT 8
Note that the numbers are recomputed after every deletion: once rule 2 is gone, the old rule 3 becomes rule 2. When deleting several rules, either list the chain again before each -D or delete from the highest number downwards. Afterwards save the rules as before with service iptables save.
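The rule-number method above carried through as an added example (my own script, not the post's): it parses the --line-numbers listing, picks out only the DROP rules in INPUT whose source column is the given address, and deletes them from the highest number down so the renumbering after each -D cannot make the loop hit the wrong rule. The function names, the IPTABLES variable and the sample addresses are assumptions; the column positions assume the default iptables -L layout without -v.

```shell
#!/bin/sh
# Added example, not part of the original post: unblock an address by rule
# number without the renumbering trap.
# Assumes root and the default (non -v) "iptables -L" column layout:
#   num target prot opt source destination [options]
# Point IPTABLES at a wrapper to exercise the logic without touching a firewall.
IPTABLES="${IPTABLES:-iptables}"

# drop_rule_numbers ADDR: read "iptables -L INPUT -n --line-numbers" output on
# stdin and print the numbers of the DROP rules whose source column is ADDR,
# highest first. Rules that only mention ADDR as destination, non-DROP rules,
# and rules in other chains of a full listing are ignored. ADDR must be given
# as iptables prints it (a /24 network shows as 203.0.113.0/24, a host without
# /32).
drop_rule_numbers() {
    awk -v addr="$1" '
        /^Chain /  { chain = $2; next }   # remember which chain the rows belong to
        /^num /    { next }               # column header line
        chain == "INPUT" && $2 == "DROP" && $5 == addr { print $1 }
    ' | sort -rn
}

# unblock_ip ADDR: delete every DROP rule for ADDR from INPUT. Descending order
# matters: after "iptables -D INPUT 2" the old rule 3 becomes rule 2, so an
# ascending loop over stale numbers would delete the wrong rules.
unblock_ip() {
    u_nums=$("$IPTABLES" -L INPUT -n --line-numbers | drop_rule_numbers "$1")
    if [ -z "$u_nums" ]; then
        echo "no DROP rule for $1 in INPUT" >&2
        return 1
    fi
    for u_n in $u_nums; do
        "$IPTABLES" -D INPUT "$u_n" || return 1
    done
}

# Usage: unblock.sh ADDR      (then "service iptables save" as in the post)
if [ $# -gt 0 ]; then
    unblock_ip "$1"
fi
```

After the loop, list the chain once more to confirm no DROP line for the address remains before saving.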
That’s all 🙂 🙂
Related topics:
1. What is iptables in Linux ?
2. How to save/backup existing iptables rules to a file
3. How to allow/block PING on Linux server – IPTables rules for icmp
CSF commands for Unix/Linux servers
CSF stands for ConfigServer Security & Firewall. It is a widely used firewall application for securing Linux servers.
CSF has a wide range of options for managing the Linux firewall from the command line and from a control panel. The CSF installation includes preconfigured settings and control-panel UIs for cPanel, DirectAdmin and Webmin.
The installation and usage of CSF are quite simple. Read More…
I have two IPs on my server, and for my secondary IP I want to BLOCK all incoming port connections except MySQL.
Could you please help?
You can use the IPTables switch “-i” to select the interface.
Hi,
Can anyone please tell me how to write an iptables block-site rule to block (say “google.com”) for all users (IPs) except for a single IP address?
Please help me out. I am using the BM algorithm for string matching to block sites.
Don’t you need to restart iptables after this?
The “service iptables save” command will add the rule to your iptables chain. Just to make sure everything works, you can restart the firewall using “service iptables restart”.
Nice security tip. I found another tool called fail2ban, which can provide extra security. It blocks the offending IP addresses automatically.
Hello sir, how do I open a blocked website using Ubuntu OS?
Can you please elaborate?
Or send an email to arun(@)crybit.com
Sir, thank you for the great info.
I have an issue: I wanted to block, and have blocked, all connections from a specific IP. However, I have 10 users, and I would like 3 of them to still have access to that specific IP that I have blocked (DROP).
Could you please assist me with this? Thank you in advance for your time.
Dear Nikola,
I don’t get what you mean, exactly.
Are those three users on the same blocked network?
Wow, this paragraph is nice; my younger sister is analyzing these kinds of things, therefore I am going to convey it to her.
Hello Humberto,
Thanks for the kind words of appreciation.
I have blocked some blacklisted IP addresses in my iptables using the iptables command. How do I check whether they are actually blocked or not?
Smitha,
If it is listed by the iptables -Ln command with a DROP rule, they definitely can’t access you!!
Hi, I have CentOS 5.9, and I have installed the Elastix application on it. The problem is that I am not able to call from one extension number to another extension number. Also, let me know what the command is to see whether a particular IP address is blocked or not in CentOS.
Hi Mahesh,
You can check it from the command line.
Most system admins need to block visitors by country. You can download the country IP address list from ip2location.com/free/visitor-blocker and use iptables to block them from accessing your servers.