We have already covered the basics of iptables in Linux and some common ways of using it to secure a Linux server.

With iptables you can block a single IP address or a whole range of addresses from reaching your server. That is the usual way to shut out the IPs that keep appearing in your secure log (/var/log/secure) with failed logins or other suspicious activity.

It is the simplest way to keep unwanted connections off the server.

To block an IP address, add a rule for it to the INPUT chain of the filter table. The iptables switches used below are:

-A : Append a rule to the end of a chain (use -I to insert it at the top instead)
-s : Source IP address or network to match (xx.xx.xx.xx or xx.xx.xx.0/24)
-j : Jump to a target, here DROP

How do I block an IP address on my server ?

Combine the switches above as shown in the examples below.

Syntax:

iptables -A INPUT -s IP-ADD -j DROP

Example:

iptables -A INPUT -s xx.xx.xx.xx -j DROP

Where xx.xx.xx.xx is the IP address you want to block. iptables checks the rules in a chain from top to bottom and stops at the first terminating match (DROP, ACCEPT, REJECT), so if the INPUT chain already holds an ACCEPT rule that matches this traffic, a DROP appended with -A lands below it and never fires; in that case use -I INPUT 1 instead of -A so the rule goes to the top of the chain. Check the result with iptables -L INPUT -n.

Then save the new rules. They live only in the kernel and are lost at reboot unless saved:

service iptables save

(This is the iptables init script on RHEL/CentOS-style systems; on other distributions write the ruleset out with iptables-save instead.)

How can I block a particular port for a particular IP on my Linux server ?

In some situations you need to block only a specific port for one IP address rather than all of its traffic. This is also a single iptables rule, with two extra switches:

Additional switches required;

-p : Protocol to match (tcp or udp); it must come before the port switch
--destination-port : Destination port to match (--dport is the short form)

Syntax:

iptables -A INPUT -s IP-ADD -p tcp --destination-port portnumber -j DROP

Example:

iptables -A INPUT -s xx.xx.xx.xx -p tcp --destination-port 25 -j DROP

Where port 25 (SMTP) is blocked for that IP address only; its traffic to other ports still passes.
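The two blocking commands above, wrapped as idempotent shell functions. This is an added example and not code from the original article: it validates the address, uses iptables -C to avoid adding the same rule twice, and inserts with -I INPUT 1 rather than -A so the DROP cannot be shadowed by an earlier ACCEPT. It assumes iptables is in PATH and that you run it as root; DRY_RUN is this script's own switch for printing the commands instead of executing them, and 203.0.113.0/24 is a documentation range used only as sample input.

```shell
#!/bin/sh
# Added example, not code from the original article. Idempotent helpers that
# block an address, or one port for an address, in the INPUT chain. Assumes
# iptables is in PATH and the script runs as root. DRY_RUN is this script's
# own switch: set it to print the iptables commands instead of running them.

# Run iptables, or print the command when DRY_RUN is set.
ipt() {
  if [ -n "${DRY_RUN:-}" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# True if an identical rule already exists in INPUT (iptables -C). Under
# DRY_RUN the kernel cannot be asked, so treat the rule as absent.
rule_exists() {
  [ -z "${DRY_RUN:-}" ] || return 1
  iptables -C INPUT "$@" 2>/dev/null
}

# Accept a.b.c.d or a.b.c.d/nn: four octets of 0-255, optional prefix 0-32.
valid_ipv4() {
  addr=${1%%/*}
  case $1 in
    */*) prefix=${1#*/} ;;
    *)   prefix=32 ;;
  esac
  printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS
  IFS=.
  set -- $addr
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Drop all traffic from one address or network. The rule is inserted at
# position 1 (-I INPUT 1) rather than appended (-A): iptables stops at the
# first matching terminating rule, so a DROP appended below an existing
# ACCEPT for the same traffic would never be reached.
block_ip() {
  valid_ipv4 "$1" || { echo "block_ip: bad address '$1'" >&2; return 2; }
  if rule_exists -s "$1" -j DROP; then
    echo "block_ip: $1 is already blocked" >&2
    return 0
  fi
  ipt -I INPUT 1 -s "$1" -j DROP
}

# Drop one TCP/UDP port for one address, e.g. block_port 203.0.113.7 tcp 25.
block_port() {
  valid_ipv4 "$1" || { echo "block_port: bad address '$1'" >&2; return 2; }
  case $2 in
    tcp|udp) ;;
    *) echo "block_port: protocol must be tcp or udp" >&2; return 2 ;;
  esac
  case $3 in ''|*[!0-9]*) echo "block_port: bad port '$3'" >&2; return 2 ;; esac
  if [ "$3" -lt 1 ] || [ "$3" -gt 65535 ]; then
    echo "block_port: port '$3' out of range" >&2
    return 2
  fi
  if rule_exists -s "$1" -p "$2" --destination-port "$3" -j DROP; then
    echo "block_port: $1 $2/$3 is already blocked" >&2
    return 0
  fi
  ipt -I INPUT 1 -s "$1" -p "$2" --destination-port "$3" -j DROP
}

# Usage (as root; 203.0.113.0/24 is a documentation range used as sample input):
#   block_ip 203.0.113.7
#   block_port 203.0.113.7 tcp 25
#   DRY_RUN=1 block_ip 203.0.113.0/24      # only prints the command
#   service iptables save                  # persist, as in the article
```

Running block_ip twice for the same address is harmless: the second call sees the rule through iptables -C and does nothing, so the chain does not fill up with duplicate DROP lines like the listing later in this article.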

How can I unblock an IP address from the block list ?

You might expect to allow the address again by changing the target to ACCEPT (iptables -A INPUT -s IP-ADD -j ACCEPT). If the address is already blocked, that does not work.

The reason is rule order. iptables evaluates the rules in a chain from top to bottom and stops at the first terminating match, so the existing DROP rule matches first and an ACCEPT appended below it is never reached. You have to remove the DROP rule from the INPUT chain.

Switch to remove an iptables rule:

-D : Delete a rule

Syntax:

iptables -D INPUT -s IP-ADD -j DROP

Example:

iptables -D INPUT -s xx.xx.xx.xx -j DROP
service iptables save

The rule specification given to -D has to match the existing rule exactly (same source, protocol, port and target), and only the first matching rule is removed. If the address was blocked more than once, repeat the command until iptables reports that no matching rule exists, then save.

Alternate method – using the rule number

This is handy when the INPUT chain holds many rules. List the chain with the --line-numbers switch, find the number of the rule you want to remove, and pass that number to -D instead of a rule specification.

iptables command to list all rules with their numbers:

iptables -L -n --line-numbers

Example:

# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source              destination
1    acctboth   all  --  0.0.0.0/0           0.0.0.0/0
2    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
3    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
4    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
5    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
6    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
7    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0
8    DROP       all  --  xx.xx.xx.xx         0.0.0.0/0

To remove rule number 8 from the INPUT chain, give -D the chain name and the number instead of a rule specification. The rules below a deleted one move up, so list the chain again before removing another rule, or work from the highest number down.

Example:

iptables -D INPUT 8
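Putting the two removal methods together: rather than repeating iptables -D with a rule specification until it fails, the following added example (not code from the original article) parses the --line-numbers listing, collects every DROP rule whose source column is the given address, and deletes them by number from the highest down so earlier deletions do not renumber the ones still to go. It assumes iptables is in PATH and that unblock_ip runs as root; the sample listing is constructed in the article's format, not captured from a real host, and uses the documentation addresses 203.0.113.7 and 198.51.100.9.

```shell
#!/bin/sh
# Added example, not code from the original article. Removes every DROP rule
# for one source address from the INPUT chain by rule number, working from the
# highest number down so earlier deletions do not shift the numbers still to
# be deleted. Assumes iptables is in PATH and unblock_ip runs as root.

# Read "iptables -L INPUT -n --line-numbers" output on stdin and print the
# numbers of DROP rules whose source column is exactly $1, highest first.
# Column layout: num target prot opt source destination [extra matches].
# A /32 shows as the bare address, a network as a.b.c.0/24; pass the same form.
drop_rule_numbers() {
  awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == ip { print $1 }' \
    | sort -rn
}

# Delete those rules from the live ruleset. Deleting rule 8 renumbers 9, 10,
# ... but not 1..7, which is why the list is processed in descending order.
unblock_ip() {
  for n in $(iptables -L INPUT -n --line-numbers | drop_rule_numbers "$1"); do
    iptables -D INPUT "$n" || return 1
  done
}

# Constructed sample listing (not captured from a real host) in the format the
# article shows, with 203.0.113.7 blocked twice: once outright, once on tcp/25.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       tcp  --  203.0.113.7          0.0.0.0/0            tcp dpt:25
5    DROP       all  --  198.51.100.9         0.0.0.0/0'

# Usage (as root): unblock_ip 203.0.113.7 ; service iptables save
# Offline check of the parsing against the sample above:
#   printf '%s\n' "$SAMPLE_LISTING" | drop_rule_numbers 203.0.113.7   # prints 4 then 2
```

Against the sample listing, drop_rule_numbers 203.0.113.7 returns 4 and then 2; deleting rule 4 first leaves rule 2 where it was, whereas deleting 2 first would have turned the old rule 4 into rule 3 and iptables -D INPUT 4 would then remove the wrong rule (here, the block on 198.51.100.9). The ACCEPT rules with source 0.0.0.0/0 are never touched because the target column is checked as well as the source.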

That’s all 🙂 🙂

Related topics:

1. What is iptables in Linux ?
2. How to save/backup existing iptables rules to a file
3. How to allow/block PING on Linux server – IPTables rules for icmp

CSF commands for Unix/Linux servers

Config Server Firewall is abbreviated as CSF. CSF is one of the most widely used firewall front-ends for securing Linux servers.

CSF has a wide range of options for managing the Linux firewall from the command line and from the control panel. The CSF installation ships with preconfigured settings and control-panel UIs for cPanel, DirectAdmin and Webmin.

Installing and using CSF is quite simple. Read More…