Block an IP Address in Linux

When running a Linux-based network gateway (like a modified version of Untangle that I do), the amount of network magic that can be done is astounding!

I was noticing that a certain IP address had multiple intrusion attempts to my network. After a quick ARIN check, the IP was from a foreign country that would be difficult to deal with, so I just decided to kill all traffic from that IP. This could easily be a cat-and-mouse game of me blocking IPs and new ones being used, so I figure that I will just block IPs that have a large number of attempted logins, rather than all failed attempts.

Typing in the following will block all communication from the IP (where X.X.X.X is the IP address):

# iptables -A INPUT -s X.X.X.X -j DROP

If you need to unblock it for any reason, typing the following will do so:

# iptables -D INPUT -s X.X.X.X -j DROP
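
The threshold idea above (block only sources with a large number of failed logins) can be scripted. The following is an added example, not part of the original post: it assumes OpenSSH "Failed password" syslog lines, a cut-off of 5 attempts, and a constructed sample log, and it only prints the rules instead of running them.

```sh
#!/bin/sh
# Added example: list source IPs with many failed SSH logins and print
# the matching iptables rules. Dry run only; nothing is executed here.
# Assumption: OpenSSH "Failed password" lines in syslog format.

THRESHOLD=5   # assumed cut-off; tune to your own traffic

# Constructed sample log (documentation address ranges, not real data).
sample_log() {
  for i in 1 2 3 4 5 6; do
    echo "Jan 10 03:12:0$i gw sshd[1234]: Failed password for root from 203.0.113.7 port 5123$i ssh2"
  done
  echo "Jan 10 03:13:01 gw sshd[1240]: Failed password for invalid user bob from 198.51.100.9 port 40022 ssh2"
  echo "Jan 10 03:13:05 gw sshd[1241]: Accepted password for alice from 192.0.2.10 port 40100 ssh2"
  # The user name is remote-supplied text; it must not be read as the source.
  echo "Jan 10 03:13:09 gw sshd[1242]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 40023 ssh2"
}

# Read log lines on stdin, print one source IP per failed login.
# The pattern is anchored at the end of the line, so only the final
# "from <ip> port <n> ssh2" written by sshd itself is used.
failed_sources() {
  sed -n -E 's/.*sshd\[[0-9]+\]: Failed password for .* from ([0-9]{1,3}(\.[0-9]{1,3}){3}) port [0-9]+ ssh2$/\1/p'
}

# Print the IPs that appear at least $1 times on stdin.
over_threshold() {
  sort | uniq -c | awk -v min="$1" '$1 >= min { print $2 }'
}

# Print (not run) the page's block command per IP, guarded by
# "iptables -C" so an existing rule is not appended a second time.
block_rules() {
  while read -r ip; do
    echo "iptables -C INPUT -s $ip -j DROP 2>/dev/null || iptables -A INPUT -s $ip -j DROP"
  done
}

sample_log | failed_sources | over_threshold "$THRESHOLD" | block_rules
```

Rules in the INPUT chain apply to packets addressed to the gateway itself; traffic routed through it to other hosts traverses the FORWARD chain. Because -A appends, the DROP rule has no effect on packets that an earlier rule in the chain already accepts.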
