Block IP Addresses With IPtables

We wrote about blocking particular IP addresses with the route command here. If you are already using iptables, or want to start, a better way is to block particular hosts:

iptables -I INPUT -s 25.55.55.55 -j DROP

This command inserts a rule at the top of the INPUT chain (that is what -I does) that simply drops any packet coming from the address 25.55.55.55. To list the chains:

iptables -L -n
...
DROP       all  --  25.55.55.55          0.0.0.0/0
DROP       all  --  202.55.56.55         0.0.0.0/0
...

The -n flag prints plain IP addresses rather than resolving each one to a name. This is useful if you have a lot of IP addresses: resolving all of them can take a long time, particularly since they are probably funky. After all, you have blocked them for some reason. If you need to investigate with names, just run the command without -n:

iptables -L
...
DROP       all  --  55.55.55.25.i.portscan.com  anywhere
DROP       all  --  55.56.55.202.many.fetch.api.request.com anywhere
...

If you later decide that you don’t want to drop packets from a particular host, use the -D (delete) option instead of -I (insert), with the rest of the rule spelled out exactly as it was added:

iptables -D INPUT -s 25.55.55.55 -j DROP

For more details on iptables, here is the manpage. Do be careful about changing firewall/route settings on remote servers, OK? You can lock the rest of the world, and yourself, out with the wrong command. Note also that rules added this way live only in the running kernel: they are gone after a reboot unless you save them with your distribution's iptables-save/persistence mechanism.
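As an added example (not code from the original post), here is a small POSIX shell wrapper around the -I and -D commands above. It validates the address first, uses iptables -C so that running it twice does not stack duplicate rules, and refuses to block the address your own SSH session came from, which is exactly the lock-out the paragraph above warns about. The IPTABLES and DRY_RUN variables are conventions of this example: DRY_RUN=1 prints the commands instead of running them, so the helpers can be tried without root.

```shell
#!/bin/sh
# Constructed example: idempotent host blocking with iptables.
# IPTABLES can be overridden and DRY_RUN=1 prints commands instead of running
# them, so the helpers can be exercised without root or a live firewall.
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4() {
    addr="${1%%/*}"; rest="${1#"$addr"}"
    case "$addr" in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
    if [ -n "$rest" ]; then
        p="${rest#/}"
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -le 32 ] || return 1
    fi
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# Run a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Insert a DROP rule for $1 at the top of INPUT, unless it is already there.
block_ip() {
    is_ipv4 "$1" || { echo "block_ip: '$1' is not an IPv4 address" >&2; return 2; }
    # Guard against locking yourself out: never block the address this SSH
    # session came from (sshd sets SSH_CLIENT to "ip client_port server_port").
    if [ "${SSH_CLIENT%% *}" = "${1%%/*}" ]; then
        echo "block_ip: refusing to block your own SSH client $1" >&2; return 3
    fi
    # -C exits 0 if an identical rule exists, so repeated runs add no duplicates.
    if [ -z "$DRY_RUN" ] && "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "block_ip: $1 already blocked" >&2; return 0
    fi
    run "$IPTABLES" -I INPUT -s "$1" -j DROP
}

# Remove the matching rule (the -D form from the post).
unblock_ip() {
    is_ipv4 "$1" || return 2
    run "$IPTABLES" -D INPUT -s "$1" -j DROP
}
```

Source the file and call block_ip or unblock_ip with an address or CIDR range; run as root without DRY_RUN to change the live firewall.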