Are you figuring out how to block IP Addresses using iptables on Linux?
If you’re here, you might be new to Linux and have difficulty blocking specific IP addresses.
Worry not; it is easier than you expect.
Through this post, I will guide you step-by-step on how to block IP addresses, quick and simple.
Let’s dive right in!
What Is the Need for Blocking IP Addresses on Linux?
IP addresses are unique identifiers for network devices, allowing data to be routed to and from them.
Usually, these are blocked when malicious entities or specific undesired IP addresses interact with the Linux system.
While this might be the core reason behind blocking them, there are other reasons as well, which are:
- Limit or restrict unwanted traffic to save bandwidth on your computer
- Ensure only specific geographies or entities can access the server
- Limit the exposure of services to only trusted networks
- Limit the number of requests from particular IPs that can slow down or crash the system
- Block certain users who violate terms of service if you’re an organization
What You’ll Need
For a seamless blocking process of IP addresses using iptables, ensure you have the below prerequisites:
- Administrative privileges (root or sudo), which are mandatory to modify iptables rules
- iptables installed on your system (check your installed packages)
- A saved copy of your current iptables configuration
- A stable internet connection
Let’s now proceed with the steps.
How to Block IP Address Using Iptables on Linux: Step-by-Step
Step 1: Install Iptables
Most Linux distributions come with iptables preinstalled. However, in some instances it may be missing.
Here are the steps to install iptables if it is not installed on yours:
- Open the terminal and log in as the root user using the below command. While using the command, ensure you have the admin rights and type in the correct credentials:
- Once logged in as a root user, enter the command below to install iptables. While the packages are being installed, if you see a prompt asking whether you want to continue, type ‘Y’ and hit enter:
sudo apt install iptables
- After the installation, update and upgrade the packages using the below command to have a seamless process with the rest of the steps:
sudo apt update && sudo apt upgrade
Step 2: Check Current Iptable Rules
Iptables is a command-line firewall tool that uses policy chains to control traffic.
When a connection is attempted, iptables checks it against the rules in the relevant chain, in order.
If the connection doesn’t match any of the rules, iptables performs the chain’s default action.
Hence, before blocking IP addresses, check the existing iptables rules using the steps below to avoid blocking important traffic:
- In the same terminal you used for Step 1, type the below command to check the current iptables rules:
sudo iptables -L -v
Step 3: Block a Single or Multiple IP Addresses Through Iptables
Blocking IP addresses through iptables can be done through a simple command.
Here are steps on how to do so, along with a detailed breakdown of the command for better understanding:
- On the terminal, enter the below command to block an IP address using iptables. Replace <IP ADDRESS> with the address you want to block:
sudo iptables -A INPUT -s <IP ADDRESS> -j DROP
- -A INPUT – Appends the rule to the end of the INPUT chain.
- -s – Specifies the source IP address of the packets; the address follows the flag.
- -j DROP – Instructs iptables to discard packets from the given IP address.
The command doesn’t print any output; it adds a new rule to the INPUT chain that drops all traffic from the specified IP address.
- To verify that the rule was added, list the current iptables rules and check the “Chain INPUT” section:
sudo iptables -L -v
- Next, enter the below command to block a range of IP addresses instead of one. Replace <IP RANGE> with the range you want to block:
sudo iptables -A INPUT -s <IP RANGE> -j DROP
Like the single-IP command, it doesn’t print any output. It adds a new rule to the INPUT chain that drops packets from the given range, for example the 192.168.0.0/24 IP range.
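A guarded version of the Step 3 block command, as an added example that is not part of the original post: it validates the address, refuses a range that covers your own SSH client (read from `SSH_CONNECTION`), and skips the append when `iptables -C` finds the rule already present. The function names and the `DRY_RUN` switch are assumptions of this example, and the address in the usage comment is constructed.

```sh
#!/bin/sh
# Added example: guarded wrapper for "sudo iptables -A INPUT -s <addr> -j DROP".
# Function names and DRY_RUN are assumptions of this example, not iptables features.

# valid_ipv4 ADDR[/PREFIX]: succeed only for a strict dotted quad, prefix 0-32.
valid_ipv4() {
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    addr=${1%%/*}
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# covers RANGE IP: succeed if IP lies inside RANGE (single address or CIDR).
covers() {
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    net=$(ip_to_int "${1%%/*}"); ip=$(ip_to_int "$2")
    [ $(( $net & $mask )) -eq $(( $ip & $mask )) ]
}

# block_ip ADDR[/PREFIX]: 0 = rule present, 2 = bad input, 3 = would lock you out.
block_ip() {
    target=$1
    valid_ipv4 "$target" || { echo "refusing: not an IPv4 address/CIDR" >&2; return 2; }
    own=${SSH_CONNECTION:-}; own=${own%% *}   # client IP of the current SSH session
    if valid_ipv4 "$own" && covers "$target" "$own"; then
        echo "refusing: $target covers your own SSH client $own" >&2; return 3
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        echo "sudo iptables -A INPUT -s $target -j DROP"; return 0
    fi
    # -C exits 0 when the identical rule already exists, so reruns add no duplicates.
    sudo iptables -C INPUT -s "$target" -j DROP 2>/dev/null ||
        sudo iptables -A INPUT -s "$target" -j DROP
}
[ $# -eq 0 ] || block_ip "$1"   # e.g. DRY_RUN=1 sh block.sh 203.0.113.7
```

Run it as your normal user: `sudo` is called inside the function, so the `SSH_CONNECTION` value from your login session stays visible to the lockout check, which a shell started through `sudo` may not preserve.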
(Optional) How to Delete Rules to Unblock IP Addresses
Unblocking IP addresses after adding rules to iptables is easy, and you only need to make a small modification to the IP block command.
Here are the commands to unblock single and multiple IP addresses:
Unblock single IP address:
sudo iptables -D INPUT -s <IP ADDRESS> -j DROP
Unblock multiple IP addresses:
sudo iptables -D INPUT -s <IP RANGE> -j DROP
Notice that the -A flag is replaced with the -D flag, which deletes the matching rule from iptables and unblocks the IP address.
Step 4: Save the Rules
The above commands block traffic from the provided IP addresses.
However, the rules are reset when the PC restarts, and the entire process must be repeated.
So, follow the steps below to prevent this from happening.
- After you have set the rules, enter the below command to make the changes permanent. The redirection to the file has to run as root, so the whole command is passed to a root shell:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
- Alternatively, you can install the iptables-persistent package and save the rules using the below commands so they won’t reset after a restart:
sudo apt-get install iptables-persistent
sudo netfilter-persistent save
Congratulations on learning how to block IP Addresses using iptables on Linux!
While the installation process is short, be careful while setting the rules, as you can accidentally block an important IP address and prevent traffic from passing in and out of your device.
If you’re stuck with any step or having issues with iptables, you may reach out to the user community of your Linux distribution for better assistance.