How do I deny incoming access to a specific IP address using Linux iptables?
  • iptables is the command used to set up firewall rules on Linux for IPv4 and NAT. These are just a few commands; see the iptables man page for more details.

    To list the firewall rules on all chains (INPUT, FORWARD and OUTPUT):

    # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP tcp -- anywhere 10.x.x.x tcp dpt:ssh
    
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    

    If you want packet information too, use the following command:

    # iptables -L INPUT -nv
    Chain INPUT (policy ACCEPT 18M packets, 2016M bytes)
    pkts bytes target prot opt in out source destination
    48 14784 DROP tcp -- * * 0.0.0.0/0 10.x.x.x tcp dpt:22
    

    Add a firewall rule to prevent access on SSH port 22 for IP address 10.x.x.x:

    # iptables -I INPUT -p tcp -d 10.x.x.x -m tcp --destination-port 22 -j DROP
    

    Save the rules to a file:

    # iptables-save > /etc/sysconfig/iptables
    

    To delete a rule, first list the rules with line numbers using:

    # iptables -L INPUT --line-numbers
    Chain INPUT (policy ACCEPT)
    num target prot opt source destination
    1 DROP tcp -- anywhere 10.x.x.x tcp dpt:ssh
    

    Then use the following command to delete the rule:

    # iptables -D INPUT 1
    

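The answer above matches on the destination address (-d). The question as posed is about blocking a specific remote host, which is a source match (-s), so the following added example (not part of the original post) puts the four steps of the answer, list, add, save and delete, into one script around a source-address rule. It also adds what a practitioner usually wants on top of the bare commands: input validation before anything reaches iptables, an idempotency check with iptables -C so rerunning the script does not stack duplicate rules, and deletion by rule content so no line-number lookup is needed. Assumptions: an iptables that supports -C (1.4.11 or later) and iptables-restore --test, and that /etc/sysconfig/iptables is the file your distribution loads at boot (that path is Red Hat style; Debian-based systems use iptables-persistent and /etc/iptables/rules.v4). The address 203.0.113.7 is a constructed TEST-NET-3 example.

```shell
#!/bin/sh
# Added example, not the original post's code. Blocks inbound traffic FROM a
# source IPv4 address or CIDR on the INPUT chain, optionally limited to one
# TCP port, then persists the ruleset. Requires root to apply; the helper
# functions themselves run unprivileged so they can be tested.

# Validate a dotted-quad IPv4 address with an optional /prefix. Returns 0 if
# OK, 1 otherwise. Doing this in the shell keeps bad input away from iptables.
valid_ipv4_cidr() {
    ip=${1%%/*}
    pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32            # no "/" given: a single host
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip                              # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule specification (everything after the chain name) for dropping
# traffic from $1; if $2 is given, only TCP to that destination port is dropped.
block_rule_spec() {
    if [ -n "$2" ]; then
        printf '%s\n' "-s $1 -p tcp -m tcp --dport $2 -j DROP"
    else
        printf '%s\n' "-s $1 -j DROP"
    fi
}

# Same rule in iptables-restore syntax, so it can be reviewed or diffed before
# it is applied (assumption: iptables-restore --test parses without loading).
render_restore_fragment() {
    printf '*filter\n-A INPUT %s\nCOMMIT\n' "$(block_rule_spec "$1" "$2")"
}

# Idempotently insert the block rule at the top of INPUT (needs root).
block_source() {
    valid_ipv4_cidr "$1" || { echo "invalid address: $1" >&2; return 2; }
    spec=$(block_rule_spec "$1" "$2")
    # -C exits 0 when an identical rule already exists; only insert if it does
    # not. $spec is deliberately unquoted so the shell splits it into arguments.
    if iptables -C INPUT $spec 2>/dev/null; then
        echo "rule already present: INPUT $spec"
    else
        iptables -I INPUT 1 $spec
    fi
}

# Delete by content: -D with the full match removes the rule wherever it sits,
# so the line numbers shown by --line-numbers do not have to be looked up.
unblock_source() {
    spec=$(block_rule_spec "$1" "$2")
    iptables -D INPUT $spec
}

# iptables-save prints the live ruleset in iptables-restore format; the file
# path is the Red Hat style location from the answer above (assumption).
persist_rules() {
    iptables-save > "${1:-/etc/sysconfig/iptables}"
}

# Stand-alone use: sh block.sh --apply  (as root). Without --apply, only the
# proposed rule is printed, which is safe to run anywhere.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    block_source 203.0.113.7 22             # constructed example address
    iptables -L INPUT -nv --line-numbers
    persist_rules
else
    render_restore_fragment 203.0.113.7 22
fi
```

Blocking all protocols from the host rather than just SSH is the same call without the port: block_source 203.0.113.7. Because the rule is inserted at position 1 it takes effect before any earlier ACCEPT rules, which matters on hosts that already accept established connections or trusted subnets near the top of INPUT.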

© Lightnetics 2024