
How to Block IP Addresses on Linux Using Iptables (A Step-by-Step Guide)

Let's start by explaining some terminology that will help you understand the context of this article. In computer networking, an IP (Internet Protocol) address is a unique numerical identifier assigned to each device connected to a network; it is used to identify and communicate with other devices on that network. There are two versions in use: IPv4 addresses are 32 bits long and are written as four numbers separated by dots (e.g. 192.168.1.1), while IPv6 addresses are 128 bits long and are written as eight groups of four hexadecimal digits separated by colons (e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

Iptables, on the other hand, is a powerful firewall tool that lets you control network connections by defining a set of rules. These rules are organised into tables, each of which contains chains of rules that act on network packets. Each chain holds a set of rules that are applied to incoming or outgoing packets based on their source and destination IP addresses, protocols, and ports.

Iptables uses netfilter, a kernel framework that lets it intercept and modify packets in order to enforce its rules. It can be used to filter, block, or forward network traffic, as well as to perform NAT (Network Address Translation) and masquerading. Iptables is a command-line tool, so to use it you type commands in the terminal. In this article, we will explore the steps you need to follow to block an IP address using iptables from the command line.

Blocking IPs from Iptables

A Linux system administrator would be able to tell you how important it is to keep your servers secure from potential attacks. One way to secure your server is by blocking specific IP addresses using iptables. It allows you to block, allow, and limit the traffic based on IP addresses, ports, and protocols.

Step 1: Current Iptables Rules

Before you start blocking the IPs, you should first check your current iptables rules to make sure that you don’t accidentally block any valid traffic.

Run the following command in the Linux terminal:

$ sudo iptables -L

The output lists the target, source, and destination of every rule in each of your device's iptables chains.

Note: If you have never configured the iptables before, you should see an empty table. Otherwise, you will see your existing rules. If you see any rules that you want to keep, make a note of them.


Step 2: Block an IP Address

To block an IP address, you can use the following command:

$ sudo iptables -A INPUT -s <IP ADDRESS> -j DROP

Note: Replace the <IP ADDRESS> with the IP address that you want to block.

This command adds a rule to the INPUT chain that drops all traffic from the specified IP address.

    • The -A option tells iptables to append the rule to the end of the chain.
    • The -s option specifies the source IP address.
    • The -j option tells iptables what to do with matching traffic. In this case, we're dropping it.

Step 3: Save Your Iptables Rules

After adding a rule to iptables, it’s important to save your changes. Otherwise, they will be lost when you restart your server or device.

To save your iptables rules, run the following command:

$ sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

This command saves your current iptables rules to the /etc/iptables/rules.v4 file. It is wrapped in sh -c so that the redirection into /etc/iptables runs with root privileges; with a plain sudo iptables-save > file, only iptables-save runs as root while your shell tries to open the file as your unprivileged user and fails with "Permission denied".

Note: On Debian and Ubuntu systems with the iptables-persistent package installed, the rules in this file are loaded automatically when the server restarts.

Step 4: Verify the Blocked IP Address

To verify that the IP address has been blocked, run the following command:

$ sudo iptables -L

This displays your current iptables rules again. You should see the rule that you just added at the bottom of the INPUT chain.

Step 5: Delete the Rules

If you see any issues, you should run the following command to delete the rule that you just added:

$ sudo iptables -D INPUT -s <IP ADDRESS> -j DROP

Note: Replace the <IP ADDRESS> with the IP address that you want to unblock.

Step 6: Block the IP Ranges

In the event that you want to block an entire range of IP addresses, you can run the following command:

$ sudo iptables -A INPUT -s <IP RANGE> -j DROP

Note: Replace the <IP RANGE> with the IP range that you want to block.

To block the range from 192.168.0.1 to 192.168.0.255, run the following:

$ sudo iptables -A INPUT -s 192.168.0.0/24 -j DROP
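The steps above, from appending DROP rules to saving them, collected into one script as an added example that is not part of the original article. It assumes the iptables-persistent file layout (/etc/iptables/rules.v4 and rules.v6), uses ip6tables for IPv6 entries, skips rules that already exist, and rejects malformed blocklist lines; set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original article: apply DROP rules from a blocklist
# file via iptables (IPv4) or ip6tables (IPv6), skip rules that already exist, then
# persist both rule sets (iptables-persistent layout assumed). DRY_RUN=1 only prints.

# Pick the tool for an address: anything containing ':' is treated as IPv6.
fw_tool() {
    case "$1" in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# Reject entries with characters outside an address/CIDR, or with more than one '/'.
valid_entry() {
    case "$1" in
        ''|*[!0-9a-fA-F.:/]*|*/*/*) return 1 ;;
    esac
    return 0
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Append a DROP rule for one address unless an identical rule exists (-C checks).
block_addr() {
    addr=$1
    valid_entry "$addr" || { echo "skipping malformed entry: $addr" >&2; return 1; }
    tool=$(fw_tool "$addr")
    if [ "${DRY_RUN:-0}" != 1 ] && "$tool" -C INPUT -s "$addr" -j DROP 2>/dev/null; then
        echo "already blocked: $addr"; return 0
    fi
    run "$tool" -A INPUT -s "$addr" -j DROP
}

# Save both rule sets; sh -c makes the redirection run as root, not as the caller.
save_rules() {
    run sh -c 'iptables-save > /etc/iptables/rules.v4'
    run sh -c 'ip6tables-save > /etc/iptables/rules.v6'
}
# block_from_file /path/to/blocklist: one address or CIDR per line, '#' comments allowed.
block_from_file() {
    grep -v '^[[:space:]]*#' "$1" | while read -r addr; do
        [ -n "$addr" ] && block_addr "$addr"
    done
    save_rules
}
```

Run it as root (sudo sh blocklist.sh after adding a call to block_from_file), and review the result with iptables -L -n, which skips reverse DNS lookups and so shows the rules immediately.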


Conclusion

Iptables is a powerful tool for blocking IPs in Linux. It allows you to configure and manage the network connections by defining a set of rules based on a series of tables that contain chains of rules to filter or manipulate the network packets. With iptables, you can filter, block, or forward the network traffic as well as perform NAT and masquerading.

It is essential to keep your iptables rules up to date and to test them regularly to ensure that they work correctly. Also, make sure that you only block IPs that you know are malicious or unwanted, not legitimate traffic. By using iptables responsibly and with caution, you can enhance your system's security and protect it from potential risks.

About the author

Zeeman Memon

Hi there! I'm a Software Engineer who loves to write about tech. You can reach out to me on LinkedIn.