21 Jul 2008, 21:26

IPTables - Block selected IPs


Sometimes people seem to think that bruteforcing a random server would be a good idea. I don’t agree with them. They just fill up my auth.log and cause several alarm bells to ring. If you use fail2ban, fine, it will handle this for you. If you don’t use it, you could still ban them manually.

If you just want to ban a single source IP - beware of faked source addresses - until the next reboot of your machine, use this:

iptables -I INPUT -s <sourceip> -j DROP

This reads as follows: insert a rule at the top of the INPUT chain that matches the source address <sourceip> and then jumps to the target “DROP”.

If you want to remove this entry, you’ll just need to replace the -I in front of INPUT with -D.
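To find out which addresses are worth banning by hand, the sketch below counts failed SSH logins per source in auth.log-style input and prints the command from above for each source over a threshold. It is an added example, not part of the original post; the function names, the threshold of 3 and the sample log lines (constructed, using documentation addresses) are assumptions, as is the OpenSSH "Failed password" line format.

```shell
#!/bin/sh
# Added example: list brute-force sources from auth.log-style input and
# print (never execute) the matching iptables commands for review.

# Constructed sample lines in the usual OpenSSH auth.log format.
sample_log() {
cat <<'EOF'
Jul 21 21:01:10 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 21 21:01:12 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 21 21:01:15 host sshd[1207]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jul 21 21:02:40 host sshd[1302]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Jul 21 21:03:05 host sshd[1310]: Accepted password for alice from 198.51.100.23 port 51520 ssh2
Jul 21 21:04:00 host sshd[1400]: Failed password for invalid user x from 10.0.0.1 from 192.0.2.99 port 2222 ssh2
EOF
}

# Read log lines on stdin; print "count ip" for every source with at least
# $1 failed logins, highest count first.
# The user name is client-supplied text and may contain spaces or the word
# "from", so the address is taken from the fixed tail of the line
# ("from <ip> port <n> ssh2") rather than from the first "from".
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            # Only count values that look like a dotted IPv4 address.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Turn "count ip" lines into the command from the post. The output is meant
# to be read by a human before anything is pasted into a root shell.
ban_commands() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Demo on the constructed sample; on a real host feed /var/log/auth.log instead.
sample_log | offenders 3 | ban_commands
```

Only the address with three failures is listed; the single failure from 198.51.100.23 belongs to a user who then logged in successfully, which is why the list is reviewed rather than applied automatically.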