
Ban and Unban IPs using IPTables

July 6, 2008
Filed under Linux, Server Management

Sometimes users come to your website with bad intentions. Say you observe that somebody is trying to brute-force a password or is just sending unknown requests to your server at an incredibly fast rate.

A very basic solution is to just ban the IP of the remote computer using IPTables. I will try to explain in a simple manner how to ban one single IP from the entire server.

First, initiate an SSH connection to your server and log in as root. In the command line type:


iptables --help

The above command will list what parameters are permitted for use with iptables. Now how to ban a specific IP:


iptables -A INPUT -s IP.ADDRESS.HERE -j DROP

Obviously, replace “IP.ADDRESS.HERE” with the desired IP address. The above command blocks that single IP's access to every port on the server. But what if you want to block an IP's access only to the web server, say Apache, which usually runs on port 80? You can use the command below:


iptables -A INPUT -p tcp -s IP.ADDRESS.HERE --dport 80 -j DROP

One step remains: restarting the iptables service. First we save its state, then restart:


service iptables save
service iptables restart

OK, all cool. Now a bit of a fairy tale: I was playing with a server which has CSF (see end of the post) installed, and after 5 unsuccessful login attempts to a password-protected public zone, my IP arrived in the IPTables INPUT and OUTPUT chains. Odd and lame. :| I had to somehow remove my IP from the chains, as I was not able to use the server in any way: no SSH, no FTP, no HTTP. Practically, I was locked out of the server. The solution? Well, it's simpler than it sounds, but as the server was a Softlayer server, I was able to connect to the server's private IP using SSH, log in as root, then remove my IP from the blocked IPs list. OK, this requires a bit of explanation, I guess. When connecting to a Softlayer server's private network, you first have to initiate a VPN connection from your PC to the Softlayer private network. When the connection is live, it will be like a tunnel and will enable the user to connect to a server's private IP even if the user's IP has been blocked, because the VPN tunnel will act like a proxy.
OK, so how to un-ban an IP using IPTables?
The two commands below will remove the IP from the blocking list:


iptables -D INPUT -p all -s IP.ADDRESS.HERE -j DROP
iptables -D OUTPUT -p all -s IP.ADDRESS.HERE -j DROP

As usual, save and then restart the IPTables service:


service iptables save
service iptables restart
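
Because `iptables -D` removes a rule only when its specification matches an existing rule exactly, it helps to build the delete commands from the rules that are actually loaded. The script below is an added example, not from the original post: it reads `iptables -S` output and prints the matching `-D` commands for one address; the function names and the sample rule set (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): turn `iptables -S` output into
# the exact `iptables -D` commands that remove every DROP rule for one IP.

# unban_cmds IP -- reads `iptables -S` text on stdin, prints delete commands.
unban_cmds() {
    awk -v ip="$1" '
        $1 == "-A" {
            hit = 0; drop = 0
            for (i = 3; i < NF; i++) {
                # Match -s/-d against the bare address or its /32 form only,
                # so 203.0.113.7 does not also match 203.0.113.70.
                if (($i == "-s" || $i == "-d") &&
                    ($(i+1) == ip || $(i+1) == (ip "/32"))) hit = 1
                if ($i == "-j" && $(i+1) == "DROP") drop = 1
            }
            if (hit && drop) { sub(/^-A /, "-D "); print "iptables " $0 }
        }'
}

# Constructed sample of `iptables -S` output; not taken from a real server.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -s 203.0.113.70/32 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 198.51.100.4/32 -j ACCEPT
-A OUTPUT -d 203.0.113.7/32 -j DROP
EOF
}

# Demo on the constructed sample: prints one -D line per matching DROP rule.
sample_rules | unban_cmds 203.0.113.7
```

On a live server, pipe the real rule set in with `iptables -S | unban_cmds IP.ADDRESS.HERE` and review the printed commands before running them.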


CSF - ConfigServer Firewall

