Difference between revisions of "How to block someone's IP"

First of all install iptables if needed:

yum -y install iptables

To block incoming IP, use this command:

iptables -A INPUT -s IP -j DROP

For example:

iptables -A INPUT -s 123.123.123.123 -j DROP

To save the rules (On Centos), run:

/etc/init.d/iptables save

Question: I want allow only specified IPs to my server and dissallow any other connections, how I could do that?

First of all enter all friendly ips:

iptables -A INPUT -s friendlyip. -j ACCEPT
iptables -A INPUT -s another.friendly.ip -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT # yes, accept connections from localhost.

And the most end enter:

iptables -A INPUT -s 0/0 -j DROP

Thats it.

If in future you will want to add some more ips, just first reject rule with DROP, and some friendly ip and then apply DROP rule again.

Very important: Don't forget to add ISP/router to your friendly ip address list!!!

How to unblock IP

Search for the IP under /etc/sysconfig/iptables:

grep 123.123.123.123 /etc/sysconfig/iptables

This would give the following output:

-A INPUT -s 123.123.123.123 -j DROP
-A INPUT -s 123.123.123.123 -j ACCEPT

Then you can delete the rule using the '-D' option in iptables:

iptables -D INPUT -s 123.123.123.123 -j DROP

Now IP 123.123.123.123 is unblocked.