Comments on: How to block an IP in Linux

By: Mark

Mark — Fri, 26 Aug 2011 16:37:05 +0000

Just wanted to add that on RedHat based systems, you can do that last little bit of saving the configuration for use on reboot just using the init scripts, i.e.

/etc/init.d/iptables save

which will save the current configuration to the file /etc/sysconfig/iptables, which is always used to restore on reboot.

i.e. the block script would be (either run as root or with a sudo command):

#!/bin/bash
iptables -I INPUT -s $1 -j DROP
/etc/init.d/iptables save

and then there is no need to do the equivalent of the line in the /etc/network/interfaces file (which doesn’t exist in RedHat based systems).

By: Richard

Richard — Tue, 15 Feb 2011 01:30:33 +0000

Works for me. Just what I was looking for.

By: Richard

Richard — Wed, 15 Dec 2010 11:03:29 +0000

Qoalu,

If you have not already figured this out, ensure that you made the script executable: chmod 755 ./block

By: Devon

Devon — Tue, 03 Aug 2010 13:42:23 +0000

Qoalu,

you created the “block” file and it’s contents are the shell script at the top of this post? Are you sure it’s not working? The iptables commands should take effect immediately when called manually or via my script above. If you add the iptables command to the interfaces file you will need to bounce the interface, or you can just run the command yourself manually.

Devon

By: Qoalu

Qoalu — Mon, 02 Aug 2010 11:23:16 +0000

Hallo,

I created a file in /home called block, ran it with “block X.X.X.X” and “./block X.X.X.X”. Neither works. What am I doing wrong.

Let’s say I add the ip manually to the /etc/network/interfaces like this:

iptables -A INPUT -s X.X.X.X -j DROP

When will the directive activate, do I need to restart the interfaces?

Regards, Qoalu.

By: JD

JD — Thu, 01 Jul 2010 21:29:26 +0000

Thanks for the quick reply!
Sorry, I was reading many of your articles and ended up posting that comment on the wrong article; it was meant for “Using IPTables to Prevent SSH Brute Force Attacks”.

Please delete it if you wish, I’ll repost in the correct one if that is Ok.

Thanks again.

By: Devon

Devon — Thu, 01 Jul 2010 21:09:47 +0000

If you use this method all of the blocked IPs end up in this file: /etc/network/iptables.save so you can easily see them. If you’re asking more generally how to get firewall/iptables log entries segregated into their own log then I recommend using syslog-ng and setting things up a bit like this:

…..
destination firewall { file(“/var/log/firewall.log”); };
……
filter f_firewall { match(“Firewall”); };
……
filter f_kernel { facility(kern) and not filter(f_firewall); };
……
log {
source(s_sys);
filter(f_firewall);
destination(firewall);
};

By: jd

jd — Thu, 01 Jul 2010 21:03:23 +0000

How would you go about adding these blocks to a separate log file? Say /var/log/iptables.log.

Thanks.

By: rhalff

rhalff — Thu, 17 Sep 2009 13:16:48 +0000

Apparently you can also do something like:

ip ro add blackhole 87.106.97.229

By: Using IPTables to Prevent SSH Brute Force Attacks | Devon Hillard Tech Blog

Using IPTables to Prevent SSH Brute Force Attacks | Devon Hillard Tech Blog — Sun, 25 May 2008 06:11:31 +0000

[...] also recommend using the script in my post on blocking IP addresses using iptables to deal with any persistent folks, or people poking too hard on your web site, or other [...]