Blocking Abusive IP Addresses With Iptables on Linux

Want to remain safe and secure in Linux? Here's a guide to blocking abusive IP addresses in Linux with iptables, including an overview of what iptables actually is.

By Drew Harvey · Mar. 11, 16 · Tutorial

I’ve recently had some questions come up from some of my clients who want to know how they can block specific IP addresses that are abusing their websites and server. In those instances where you want to block a particular IP from your server and are running a distribution of Linux, you can block the traffic from that IP address by using iptables. This tutorial will teach you how to set up, view, and configure a rule to block a specific IP address.

What Is Iptables?

Iptables is a firewall, installed by default on most Linux distributions. By default, iptables allows all traffic to pass through to your server, but you can configure it to restrict or drop traffic through a variety of rules that can be set up to limit who and what can actually connect to your server.

To access and use iptables, you’ll need root access, either by using sudo or by having direct access to the root user of the server you’re working with. The iptables commands shown below assume you have direct access to the root user on the server; if not, you’ll need to prefix them with the sudo command.

How to Set up a Rule to Block a Specific IP Address

The specific case discussed in this article is the desire to stop any and all traffic originating from a specific IP address by dropping the inbound connection and not allowing it to proceed further.

The syntax to add a simple rule to iptables to block a specific IP address and drop its connection to the server is:

iptables -A INPUT -s {IP_ADDRESS} -j DROP

Looking at this command, there are a few flags that I think are important for you to know.

The -A flag followed by the INPUT chain indicates that the rule is to be appended to the INPUT rule chain. We will only deal with the INPUT chain in this tutorial, as it is designed to affect only incoming traffic.

The -s flag followed by the IP address specifies the source of the traffic to be acted upon. It will apply any rules you define to any traffic coming from this source.

The -j flag followed by the DROP target will cause the firewall to silently ignore the packet and stop processing further rules in the specified chain.

So if we look at the command above, we’ve indicated that we want to append a new rule to the INPUT chain, and all traffic originating from the specified IP address will be silently ignored and dropped without further processing.

How Do I Unblock an IP Address?

In the event that you make a mistake and enter the wrong IP address, how do you remove that IP address so that traffic may flow freely from it once again?

iptables -D INPUT -s {IP_ADDRESS} -j DROP

The new flag shown in this command is -D followed by the INPUT chain to indicate that we want the rule defined to be removed from the iptables entries.
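
The block and unblock commands above, wrapped so that a mistyped address is rejected and repeated runs do not stack duplicate rules. This is an added example, not code from the original article: the function names and the IPTABLES and ALLOWLIST variables are assumptions of the sketch, while -C is iptables' own option for checking whether a rule exists.

```sh
#!/bin/sh
# Added example: idempotent wrappers around the article's -A / -D commands.
# IPTABLES, ALLOWLIST and the function names are assumptions of this sketch.
IPTABLES="${IPTABLES:-iptables}"      # binary to call; run as root or via sudo
ALLOWLIST="${ALLOWLIST:-127.0.0.1}"   # space-separated addresses never to block

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                         # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# Append the DROP rule. Returns 0 = added, 1 = rejected, 2 = already present.
block_ip() {
    if ! valid_ipv4 "$1"; then
        echo "not an IPv4 address: $1" >&2; return 1
    fi
    for keep in $ALLOWLIST; do
        if [ "$1" = "$keep" ]; then
            echo "refusing to block allowlisted address $1" >&2; return 1
        fi
    done
    # -C checks for an identical rule; without it, -A adds a duplicate each run.
    if $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; then
        return 2
    fi
    $IPTABLES -A INPUT -s "$1" -j DROP
}

# Remove every copy of the rule (one -D deletes only the first match).
# Prints how many rules were removed.
unblock_ip() {
    valid_ipv4 "$1" || return 1
    removed=0
    while $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; do
        $IPTABLES -D INPUT -s "$1" -j DROP || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}
```

Put the address you administer the server from in ALLOWLIST so that a typo cannot cut off your own SSH session.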

How Do I View Currently Setup Iptables Rules?

To view the rules currently set up and confirm the rules you have entered, you can execute the iptables command with the -L flag. This will list the current filter rules.

iptables -L

The output from this command will be similar to what is shown below. You’ll see all possible chains, and your new rules will appear under the INPUT chain.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  {IP_ADDRESS}         anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Your New Iptables Rules Setup and Configured

The rules you’ve set up take effect immediately. With the rule defined above, traffic from the IP address specified in the rule will stop instantly and will no longer be allowed to interact with your server.


Published at DZone with permission of Drew Harvey, DZone MVB. See the original article here.
