Difference between revisions of "How to block someone's IP"
From Kolmisoft Wiki
Jump to navigationJump to search
Line 6: | Line 6: | ||
To block incoming IP, use this command: | To block incoming IP, use this command: | ||
iptables -A INPUT -s IP -j DROP | |||
For example: | For example: | ||
iptables -A INPUT -s 123.123.123.123 -j DROP | |||
To save the rules (On Centos), run: | To save the rules (On Centos), run: | ||
/etc/init.d/iptables save | |||
Question: I want allow only specified IPs to my server and dissallow any other connections, how I could do that? | Question: I want allow only specified IPs to my server and dissallow any other connections, how I could do that? | ||
Line 20: | Line 20: | ||
First of all enter all friendly ips: | First of all enter all friendly ips: | ||
iptables -A INPUT -s friendlyip. -j ACCEPT | |||
iptables -A INPUT -s another.friendly.ip -j ACCEPT | |||
iptables -A INPUT -s 127.0.0.1 -j ACCEPT # yes, accept connections from localhost. | |||
And the most end enter: | And the most end enter: | ||
iptables -A INPUT -s 0/0 -j DROP | |||
Thats it. | Thats it. |
Revision as of 14:14, 24 January 2014
First of all install iptables if needed:
yum -y install iptables
To block incoming IP, use this command:
iptables -A INPUT -s IP -j DROP
For example:
iptables -A INPUT -s 123.123.123.123 -j DROP
To save the rules (On Centos), run:
/etc/init.d/iptables save
Question: I want allow only specified IPs to my server and dissallow any other connections, how I could do that?
First of all enter all friendly ips:
iptables -A INPUT -s friendlyip. -j ACCEPT iptables -A INPUT -s another.friendly.ip -j ACCEPT iptables -A INPUT -s 127.0.0.1 -j ACCEPT # yes, accept connections from localhost.
And the most end enter:
iptables -A INPUT -s 0/0 -j DROP
Thats it.
If in future you will want to add some more ips, just first reject rule with DROP, and some friendly ip and then apply DROP rule again.
Very important: Don't forget to add ISP/router to your friendly ip address list!!!
How to unblock IP
Search for the IP under /etc/sysconfig/iptables:
grep 123.123.123.123 /etc/sysconfig/iptables
This would give the following output:
-A INPUT -s 123.123.123.123 -j DROP -A INPUT -s 123.123.123.123 -j ACCEPT
Then you can delete the rule using the '-D' option in iptables:
iptables -D INPUT -s 123.123.123.123 -j DROP
Now IP 123.123.123.123 is unblocked.