How to block an IP by iptables (Red hat 6.2)

Posted on by Summa Lai

How to block an IP  by iptables (Red hat 6.2)

Solution 1:

Adjust the config file:

Vim /etc/sysconfig/iptables

Solution 2:

Syntax to block an IP address under Linux

iptables -A INPUT -s IP-ADDRESS -j DROP

Replace IP-ADDRESS with your actual IP address. For example, if you wish to block an ip address 65.55.44.100 for whatever reason then type the command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP
If you have IP tables firewall script, add the above rule to your script.

If you just want to block access to one port from an ip 65.55.44.100 to port 25 then type command:
# iptables -A INPUT -s 65.55.44.100 -p tcp –destination-port 25 -j DROP
The above rule will drop all packets coming from IP 65.55.44.100 to port mail server port 25.

CentOS / RHEL / Fedora Block An IP And Save It To Config File

Type the following two command:
# iptables -A INPUT -s 65.55.44.100 -j DROP
# service iptables save

How Do I Unblock An IP Address?

Use the following syntax (the -d options deletes the rule from table):
# iptables -D INPUT -s xx.xxx.xx.xx -j DROP
# iptables -D INPUT -s 65.55.44.100 -j DROP
# service iptables save

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Below, it is a real sample from on my web server

Filename: /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Fri Sep  9 13:20:32 2016

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [37846:10291259]

-A INPUT -s 37.1.213.195/32 -j DROP

-A INPUT -s 191.96.249.53/32 -p tcp -m tcp –dport 443 -j DROP

-A INPUT -s 191.96.249.53/32 -p tcp -m tcp –dport 80 -j DROP

-A INPUT -s 191.96.249.54/32 -p tcp -m tcp –dport 80 -j DROP

-A INPUT -s 191.96.249.54/32 -p tcp -m tcp –dport 443 -j DROP

-A INPUT -p tcp -m tcp –dport 2323 -j ACCEPT

-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -p tcp -m tcp –dport 20001:21000 -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT

-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT

-A INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT

-A INPUT -p tcp -m state –state NEW -m tcp –dport 631 -j ACCEPT

-A INPUT -j REJECT –reject-with icmp-host-prohibited

-A FORWARD -j REJECT –reject-with icmp-host-prohibited

COMMIT

# Completed on Fri Sep  9 13:20:32 2016

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.