How/command to block/unblock an IP address in your Linux server – IPTables command to block/unblock an IP

We have already discussed the IPTables basics in Linux and some common ways of using it to secure your Linux server.

With iptables you can block a single IP address or a range of IP addresses on your server. This is the usual way to shut out addresses that show up in your secure log (/var/log/secure on CentOS/RHEL) with suspicious activity such as repeated failed logins.

In this way you protect the server from unwanted connections.

To block an IP address, you add a blocking rule to the INPUT chain of your iptables ruleset (the INPUT chain handles packets addressed to the server itself). The iptables switches needed for this are:

-A : Append a rule to the end of a chain
-s : Specify the source IP address (or CIDR range)
-j : Jump to a target (DROP, ACCEPT, ...)

How do I block an IP address on my server ?

You can block an address with just the switches above. See the examples below:

Syntax:

iptables -A INPUT -s IP-ADD -j DROP

Example:

iptables -A INPUT -s xx.xx.xx.xx -j DROP

Where xx.xx.xx.xx is the IP address (or a CIDR range such as xx.xx.xx.0/24) you want to block. Note that -A appends the rule to the end of the INPUT chain; iptables evaluates a chain from top to bottom, so if an earlier rule already ACCEPTs traffic from that address the DROP is never reached. Use -I INPUT instead of -A INPUT when the block must take precedence over the existing rules.
Then save the running rules so they survive a restart of the iptables service or a reboot (this command is specific to RHEL/CentOS; other distributions use iptables-save to write the rules to a file):

service iptables save
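The post says to block the addresses that your secure log flags. The following script is an added example, not code from the original post, that does that selection step: it counts "Failed password" entries per source address in /var/log/secure-style sshd lines and prints the iptables command for every address at or above a threshold. The log lines are constructed for the demo and use RFC 5737 documentation addresses; the function names offenders and block_rules are the example's own. It prints the commands instead of running them so the list can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the original post): turn "Failed password" entries
# in a CentOS-style /var/log/secure into iptables DROP rules.
# The log lines below are constructed for the demo; the addresses are
# RFC 5737 documentation ranges, not real attackers.

SAMPLE_LOG='Mar  3 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 51123 ssh2
Mar  3 10:01:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:02:00 host sshd[1210]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
Mar  3 10:02:30 host sshd[1211]: Failed password for deploy from 198.51.100.5 port 40001 ssh2
Mar  3 10:03:00 host sshd[1212]: Failed password for root from 192.0.2.9 port 61000 ssh2
Mar  3 10:03:01 host sshd[1212]: Failed password for root from 192.0.2.9 port 61001 ssh2
Mar  3 10:03:02 host sshd[1212]: Failed password for root from 192.0.2.9 port 61002 ssh2
Mar  3 10:03:03 host sshd[1212]: Failed password for root from 192.0.2.9 port 61003 ssh2'

# offenders THRESHOLD < log
# Prints the source IPs with at least THRESHOLD failed logins, worst first.
# Only sshd "Failed password" lines count; successful logins are ignored.
offenders() {
  threshold="${1:-3}"
  grep 'sshd\[[0-9]*\]: Failed password' \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# block_rules THRESHOLD < log
# Prints the iptables commands that would block those IPs. -I (insert at the
# top of INPUT) is used instead of -A so that an earlier ACCEPT rule cannot
# shadow the DROP. Pipe the output to sh as root to apply it.
block_rules() {
  offenders "$1" | while read -r ip; do
    printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
  done
}

# Dry run on the constructed log (a single failure from 198.51.100.5 stays
# below the threshold of 3 and is not blocked):
printf '%s\n' "$SAMPLE_LOG" | block_rules 3
```

On a live server you would feed the real log instead of the sample, for example `block_rules 5 < /var/log/secure`, check the printed list, and only then pipe it to sh; after applying, run `service iptables save` as above so the rules persist.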

How can I block a particular PORT for a particular IP on your Linux server ?

Yes, in some situations you only need to block certain ports for a particular IP address, rather than all traffic from it. This is also done from the command line with iptables.

Additional switches required;

-p : Specify the protocol (tcp or udp); it is required before a port match
--destination-port : Specify the destination port (short form: --dport)

Syntax:

iptables -A INPUT -s IP-ADD -p tcp --destination-port portnumber -j DROP

Example:

iptables -A INPUT -s xx.xx.xx.xx -p tcp --destination-port 25 -j DROP

Here TCP port 25 (SMTP) is blocked for that particular IP address while its traffic to other ports is still allowed.

How can I unblock IP address from block-list ?

You might expect to allow an IP address by adding a rule with the target ACCEPT (iptables -A INPUT -s IP-ADD -j ACCEPT). But if the IP address is already blocked in your server firewall, appending an ACCEPT rule will not work.

The reason is that a DROP rule for this IP already exists higher up in the chain. iptables evaluates the rules of a chain from top to bottom and the first matching rule with a terminating target (such as DROP or ACCEPT) decides the fate of the packet, so the appended ACCEPT is never reached. Instead, remove the DROP rule from the INPUT chain.

Switch to remove an iptables rule:

-D : Delete a rule

Syntax:

iptables -D INPUT -s IP-ADD -j DROP

The rule specification must match the rule exactly as it was added (same chain, source, protocol, port and target), otherwise iptables reports "No chain/target/match by that name" and nothing is deleted.

Example:

iptables -D INPUT -s xx.xxx.xx.xx -j DROP
service iptables save

Alternate method – using line number

This is very useful when your iptables ruleset has a lot of rules. In that case you can remove a particular rule by its number with the -D switch, after finding that number with the --line-numbers switch. Rule numbers are counted per chain, so list the INPUT chain on its own and always name the chain when deleting by number.
IPTables command to list the INPUT chain rules with line numbers:

iptables -L INPUT -n --line-numbers

Example:

# iptables -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source              destination
1    acctboth   all  --  0.0.0.0/0           0.0.0.0/0
2    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
3    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
4    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
5    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
6    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
7    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
8    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0

If you want to remove rule number 8, use the -D switch with the chain name and the line number. Note that the rules below a deleted rule are renumbered immediately, so list the chain again before deleting another rule by number.

Example:

iptables -D INPUT 8
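The unblocking section above explains both ways of removing a DROP rule: by repeating the exact rule specification, or by line number. The following script is an added example, not code from the original post, that works on the line-number method in a way the post only hints at: it takes the output of iptables -L INPUT -n --line-numbers, finds every DROP rule whose source is a given IP (a server may have several, e.g. an all-ports DROP and a per-port DROP), and prints the matching iptables -D INPUT commands. Because deleting a rule renumbers everything below it, the numbers are emitted highest first so each command is still valid when run in order. The listing is constructed for the demo with RFC 5737 documentation addresses, and the function names drop_rule_numbers and unblock_commands are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): find every DROP rule for one
# source IP in "iptables -L INPUT -n --line-numbers" output and emit the
# matching "iptables -D INPUT <num>" commands, highest number first.
# The listing below is constructed for the demo (RFC 5737 documentation IPs)
# and mirrors the cPanel-style listing shown in the post.

SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    acctboth   all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    ACCEPT     tcp  --  198.51.100.5         0.0.0.0/0            tcp dpt:22
4    DROP       all  --  192.0.2.9            0.0.0.0/0
5    DROP       tcp  --  203.0.113.7          0.0.0.0/0            tcp dpt:25
6    DROP       all  --  192.0.2.9            0.0.0.0/0'

# drop_rule_numbers IP < listing
# Prints the line numbers of DROP rules whose source column equals IP,
# highest first. In "-L -n" output column 1 is the number, column 2 the
# target and column 5 the source; header lines are skipped because their
# first field is not numeric.
drop_rule_numbers() {
  awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == ip { print $1 }' \
    | sort -rn
}

# unblock_commands IP < listing
# Prints the delete commands in an order that stays valid: deleting rule 6
# first leaves rule 4 where it was, whereas deleting 4 first would turn the
# old rule 6 into rule 5 and the second command would remove the wrong rule.
unblock_commands() {
  drop_rule_numbers "$1" | while read -r num; do
    printf 'iptables -D INPUT %s\n' "$num"
  done
}

# Dry run on the constructed listing. On a live server, as root:
#   iptables -L INPUT -n --line-numbers | unblock_commands 192.0.2.9 | sh
printf '%s\n' "$SAMPLE_LISTING" | unblock_commands 192.0.2.9
```

After running the generated commands, list the chain again to confirm the rules are gone (on iptables 1.4.11 or newer, `iptables -C INPUT -s 192.0.2.9 -j DROP` returns non-zero once no such rule exists), and save the rules with `service iptables save` as before.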

That’s all 🙂 🙂




Arunlal Ashok

Linux Systems Architect at Endurance International Group. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.


17 thoughts on “How/command to block/unblock an IP address in your Linux server – IPTables command to block/unblock an IP”

  1. I have two IPs in my server and for my secondary IP, I want to BLOCK all incoming port connections except MySQL.

    Could you please help?

  2. Hi,
    Can anyone please tell me how to write an iptables blocksite rule to block (say “google.com”) for all users (IPs) except for a single IP address?
    Please help me out. I am using the BM algorithm for string matching for blocking sites.

    1. The “service iptables save” command will add the rule to your iptable chain. Just to make sure everything works, you can restart the firewall using “service iptables restart”.

  3. Nice security tip. I found another tool called fail2ban which can provide extra security. It blocks the offending IP addresses automatically.

  4. Sir, thank you for the great info.
    I have an issue. I wanted to and did block all connections from a specific IP; however, I have 10 users and I would like to let 3 of them still have access to that specific IP that I have blocked (DROP).
    Could you please assist me on this? Thank you in advance for your time.

  5. Wow, this paragraph is nice, my younger sister is analyzing these kinds of things, therefore I am going to convey her.

  6. I have blocked some of the blacklisted IP addresses in my iptables using the iptables command. How do I check whether it is actually blocked or not?

  7. Hi, I have CentOS 5.9 and in it I have installed the Elastix application. The problem is I am not able to call from one extension number to another extension number. And also let me know what the command is to see whether a particular IP address is blocked or not in CentOS.

  8. Most of system admins need to block visitors by country. You can download the country IP address list from ip2location.com/free/visitor-blocker and use iptables to block them from accessing your servers.
