{"id":815,"date":"2013-10-19T01:31:36","date_gmt":"2013-10-18T23:31:36","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/?p=815"},"modified":"2013-11-13T17:08:25","modified_gmt":"2013-11-13T15:08:25","slug":"linux-block-port-with-iptables","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2013\/10\/19\/linux-block-port-with-iptables\/","title":{"rendered":"Linux: Block Port With IPtables"},"content":{"rendered":"

http:\/\/www.cyberciti.biz\/faq\/iptables-block-port\/<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

Block Incoming Request From IP 1.2.3.4<\/h2>\n

The following command will drop any packet coming from the IP address 1.2.3.4:<\/p>\n

\u00a0\r\n\/sbin\/iptables -I INPUT -s {IP-HERE} -j DROP\r\n\/sbin\/iptables -I INPUT -s 1.2.3.4 -j DROP<\/pre>\n
You can also specify an interface such as eth1 via which a packet was received:<\/p>\n
\u00a0\r\n\/sbin\/iptables -I INPUT -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP\r\n\/sbin\/iptables -I INPUT -i eth1 -s 1.2.3.4 -j DROP<\/pre>\n
Please note that when the “!” argument is used before the interface name, the sense is inverted:<\/p>\n
\u00a0\r\n\/sbin\/iptables -I INPUT ! -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP\r\n\/sbin\/iptables -I INPUT ! -i eth1 -s 1.2.3.4 -j DROP<\/pre>\n
If the interface name ends in a “+”, then any interface which begins with this name will match. If this option is omitted, any interface name will match:<\/p>\n
\u00a0\r\n\/sbin\/iptables -I INPUT  -i {INTERFACE-NAME-HERE}+ -s {IP-HERE} -j DROP\r\n\/sbin\/iptables -I INPUT  -i br+ -s 1.2.3.4 -j DROP<\/pre>\n
You can replace -I INPUT (insert) with -A INPUT (append) rule as follows:<\/p>\n
\u00a0\r\n\/sbin\/iptables -A INPUT  -s 1.2.3.4 -j DROP\r\n\/sbin\/iptables -i eth1 -A INPUT  -s 1.2.3.4 -j DROP<\/pre>\n
How Do I Block Subnet (xx.yy.zz.ww\/ss)?<\/h3>\n
Use the following syntax to block 10.0.0.0\/8 on eth1 public interface:
\n# \/sbin\/iptables -i eth1 -A INPUT -s 10.0.0.0\/8 -j DROP<\/code><\/p>\n
How Do I Block and Log Dropped IP Address Information?<\/h3>\n
You can turn on kernel logging of matching packets with LOG target as follows:
\n# \/sbin\/iptables -i eth1 -A INPUT -s 10.0.0.0\/8 -j LOG --log-prefix \"IP DROP SPOOF A:\"<\/code>
\nThe next rule will actually drop the ip \/ subnet:
\n# \/sbin\/iptables -i eth1 -A INPUT -s 10.0.0.0\/8 -j DROP<\/code><\/p>\n
How Do I View Blocked IP Address?<\/h3>\n
Simply use the following command:
\n# \/sbin\/iptables -L -v<\/code>
\nOR
\n# \/sbin\/iptables -L INPUT -v<\/code>
\nOR
\n# \/sbin\/iptables -L INPUT -v -n<\/code>
\nSample outputs:<\/p>\n
Chain INPUT (policy ACCEPT 3107K packets, 1847M bytes)\r\n pkts bytes target     prot opt in     out     source               destination\r\n    0     0 DROP       all  --  br+    any     1.2.3.4              anywhere\r\n    0     0 DROP       all  --  !eth1  any     1.2.3.4              anywhere\r\n    0     0 DROP       all  --  !eth1  any     1.2.3.4              anywhere<\/pre>\n
How Do I Search For Blocked IP Address?<\/h3>\n
Use the grep command<\/a> as follows:
\n# \/sbin\/iptables -L INPUT -v -n | grep 1.2.3.4<\/code><\/p>\n
How Do I Delete Blocked IP Address?<\/h3>\n
First, you need to display blocked IP address along with line number<\/a> and other information, enter:
\n# iptables -L INPUT -n --line-numbers
\n# iptables -L INPUT -n --line-numbers | grep 1.2.3.4<\/code>
\nSample outputs:<\/p>\n
num   pkts bytes target     prot opt in     out     source               destination\r\n1        0     0 DROP       0    --  *      *       116.199.128.1        0.0.0.0\/0\r\n2        0     0 DROP       0    --  *      *       116.199.128.10       0.0.0.0\/0\r\n3        0     0 DROP       0    --  *      *       123.199.2.255        0.0.0.0\/0<\/pre>\n
To delete line number 3 (123.199.2.255), enter:
\n# iptables -D INPUT 3<\/code>
\nVerify the same, enter:
\n# iptables -L INPUT -v -n<\/code>
\nYou can also use the following syntax:
\n# iptables -D INPUT -s 1.2.3.4 -j DROP<\/code><\/p>\n
How Do I Save Blocked IP Address?<\/h2>\n
If you are using Redhat \/ RHEL \/ CentOS \/ Fedora Linux, type the following command:
\n# iptables -D INPUT -s 1.2.3.4 -j DROP
\n##########################
\n#\/\/\/\/\/\/ command to save iptables \/\/\/\/\/\/\/#
\n##########################
\n# \/sbin\/service iptables save
\n# less \/etc\/sysconfig\/iptables
\n# grep '1.2.3.4' \/etc\/sysconfig\/iptables<\/code>
\nFor all other Linux distributions<\/strong> use the iptables-save command to dump the contents of an IP Table<\/a> to a file:
\n# iptables-save > \/root\/myfirewall.conf<\/code>
\nPlease not that you need to run the ‘iptables-save’ or ‘service iptables save’ as soon as you add or delete the ip address.<\/p>\n
A Note About Restoring Firewall<\/h4>\n
To restore your firewall use the iptables-restore command to restore IP Tables from a file called \/root\/myfirewall.conf<\/a>, enter:
\n# iptables-restore < \/root\/myfirewall.conf<\/code><\/p>\n
How Do I Block Large Number Of IP Address or Subnets?<\/h2>\n
You need to write a shell script as follows:<\/p>\n
#!\/bin\/bash\r\n_input=\"\/root\/blocked.ip.db\"\r\nIPT=\/sbin\/iptables\r\n$IPT -N droplist\r\negrep -v \"^#|^$\" x | while IFS= read -r ip\r\ndo\r\n\t$IPT -A droplist -i eth1 -s $ip -j LOG --log-prefix \"IP BlockList \"\r\n\t$IPT -A droplist -i eth1 -s $ip -j DROP\r\ndone < \"$_input\"\r\n# Drop it\r\n$IPT -I INPUT -j droplist\r\n$IPT -I OUTPUT -j droplist\r\n$IPT -I FORWARD -j droplist<\/pre>\n
See also: iptables: Read a List of IP Address From File And Block<\/a><\/p>\n
Block Outgoing Request From LAN IP 192.168.1.200?<\/h2>\n
Use the following syntax:
\n# \/sbin\/iptables -A OUTPUT -s 192.168.1.200 -j DROP
\n# \/sbin\/service iptables save<\/code>
\nYou can also use FORWARD default chainswhen packets send through another interface. Usually FORWARD used when you setup Linux as a router:
\n# \/sbin\/iptables -A FORWARD -s 192.168.1.200 -j DROP
\n# \/sbin\/service iptables save<\/code><\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
http:\/\/www.cyberciti.biz\/faq\/iptables-block-port\/     Block Incoming Request From IP 1.2.3.4 The following command will drop any packet coming from the IP address 1.2.3.4: \u00a0 \/sbin\/iptables -I INPUT -s {IP-HERE} -j DROP \/sbin\/iptables -I INPUT -s 1.2.3.4 -j DROP You can also specify an interface such as eth1 via which a packet was received: \u00a0 \/sbin\/iptables -I […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-815","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=815"}],"version-history":[{"count":2,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/815\/revisions"}],"predecessor-version":[{"id":821,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/815\/revisions\/821"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}