We have already discussed the basics of iptables in Linux and some of its common uses for securing a Linux server.
With iptables you can block a particular IP address, or a range of IP addresses, to protect your server. This lets you block the IPs that are listed in your secure log for suspicious activity.
In this way you can protect your server from unwanted connections.
To block an IP address on the server, you need to add a blocking rule to the iptables INPUT chain. The important iptables switches required for this are:
-A : Add (append) a rule
-s : To specify the IP address
-j : Jump to target
How do I block an IP address on my server?
You can block it using the switches mentioned above. See the examples below:
iptables -A INPUT -s IP-ADD -j DROP
iptables -A INPUT -s xx.xx.xx.xx -j DROP
Where xx.xx.xx.xx is the IP address which you want to block.
Then save the newly added rules to iptables.
service iptables save
How can I block a particular port for a particular IP on my Linux server?
In some situations we have to block certain ports for a particular IP address. We can manage this from the command line using the iptables command.
Additional switches required:
-p : To specify the protocol
--destination-port : To specify the port
iptables -A INPUT -s IP-ADD -p tcp --destination-port portnumber -j DROP
iptables -A INPUT -s xx.xx.xx.xx -p tcp --destination-port 25 -j DROP
Here port 25 will be blocked for that particular IP address.
How can I unblock an IP address from the block list?
You can allow an IP address by changing the target to ACCEPT (iptables -A INPUT -s IP-ADD -j ACCEPT). But if the IP address is already blocked in your server firewall, adding a rule with "ACCEPT" as the target will not work.
This is because we have already added a rule that blocks this IP. By default, iptables evaluates rules from top to bottom and the first matching rule wins, so the earlier DROP rule is hit before the ACCEPT rule appended below it. We therefore need to remove that DROP rule from the INPUT chain.
Switch to remove an iptables rule:
-D : Delete a rule
iptables -D INPUT -s IP-ADD -j DROP
iptables -D INPUT -s xx.xxx.xx.xx -j DROP
service iptables save
Alternate method: using the line number
This is very useful if your iptables has a lot of rules. In this case we can remove a particular rule with the "-D" switch after finding its line number with the "--line-number" switch.
iptables command to list all rules with line numbers:
iptables -L -n --line-number
root@test [~]# iptables -L -n --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    acctboth   all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
3    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
4    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
5    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
6    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
7    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
8    DROP       all  --  xx.xx.xx.xx          0.0.0.0/0
If you want to remove the 8th line, use the -D switch and specify the line number.
iptables -D INPUT 8
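When an IP has more than one DROP rule, deleting by line number has a catch: each delete renumbers the rules below it. The script below is an added example, not part of the original post. It parses a listing, prints the delete commands highest line first, and flags ACCEPT rules that can never match because a DROP sits above them. The function names and the sample listing with documentation IPs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n --line-number` output (documentation IPs).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    acctboth   all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    DROP       all  --  198.51.100.20        0.0.0.0/0
4    DROP       tcp  --  203.0.113.7          0.0.0.0/0            tcp dpt:25
5    ACCEPT     all  --  203.0.113.7          0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0'

# INPUT-chain line numbers of DROP rules whose source is exactly $1,
# highest first. Reads the listing on stdin.
drop_rule_lines() {
    awk -v ip="$1" '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        in_input && $2 == "DROP" && $5 == ip { print $1 }
    ' | sort -rn
}

# Print (do not run) the delete commands. Deleting rule N renumbers every
# rule below it, so the highest line number has to go first.
unblock_commands() {
    drop_rule_lines "$1" | while read -r n; do
        echo "iptables -D INPUT $n"
    done
}

# Line numbers of ACCEPT rules for $1 that sit below an unconditional DROP
# for the same source: the first match wins, so they are never reached.
shadowed_accepts() {
    awk -v ip="$1" '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input || $5 != ip { next }
        $2 == "DROP" && $3 == "all" && NF == 6 { dropped = 1 }
        $2 == "ACCEPT" && dropped { print $1 }
    '
}

# Demo on the sample; on a server, pipe in: iptables -L -n --line-number
printf '%s\n' "$SAMPLE_LISTING" | unblock_commands 203.0.113.7
printf '%s\n' "$SAMPLE_LISTING" | shadowed_accepts 203.0.113.7
```

Review the printed commands before running them, and list the chain again afterwards to confirm that only the intended rules were removed.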
That’s all 🙂 🙂