How to Block an IP Address from Accessing Your Linux Server with iptables and UFW

Simon Bennett · Mar 17, 2020

If you are a system administrator responsible for securing your infrastructure, you will regularly need to block the addresses of hosts that are probing or attacking your servers. On Linux the two most common tools for that job are iptables and UFW.

This tutorial will show you how to block IP addresses using Iptables and UFW firewalls.

Block an IP Address with iptables

iptables is the classic command-line tool for the Linux kernel's netfilter packet filter. It is specific to Linux (not Unix in general) and ships with nearly every distribution; newer releases route it through nftables via the iptables-nft compatibility layer, which accepts the same commands. It filters incoming, outgoing and forwarded packets through the INPUT, OUTPUT and FORWARD chains.

This section uses iptables to block an address. All of the commands must be run as root (or with sudo).

Block Access to All Ports

To block an address from reaching any port on the server, add a DROP rule for it to the INPUT chain. Note that -A appends the rule at the end of the chain: if INPUT already holds ACCEPT rules (for established connections, for SSH and so on), an appended DROP only sees the packets those rules did not already accept. Insert it at the top with -I INPUT 1 instead when the block must win.

iptables -A INPUT -s IP-ADDRESS -j DROP

For example, you can block the IP address 172.20.10.4 entirely with the following command:

iptables -A INPUT -s 172.20.10.4 -j DROP

List the rules to confirm the block (add -n to print addresses numerically and skip the reverse DNS lookups that make a plain -L slow, and -v to see per-rule packet counters):

iptables -L

You should see the following output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  172.20.10.4          anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Block Access to a Specific Port

To block an address on one port only, add the protocol and destination port to the match:

iptables -A INPUT -s IP-ADDRESS -p tcp --destination-port port_number -j DROP

For example, to block 172.20.10.5 on TCP port 80 only:

iptables -A INPUT -s 172.20.10.5 -p tcp --destination-port 80 -j DROP

You can see the blocked IP address and port with the following command:

iptables -L

You should see the following output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  172.20.10.4          anywhere
DROP       tcp  --  172.20.10.5          anywhere             tcp dpt:http

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
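To put the two commands above into practice safely, here is an added helper script (not part of the original article) that validates the address, picks ip6tables for IPv6 addresses, uses iptables -C so re-running never creates a duplicate rule, and inserts at the head of the chain so an earlier ACCEPT cannot shadow the block. It assumes root and iptables/ip6tables on PATH; the function names is_ipv4, ipt_for and block_ip are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original article: block an address with
# iptables/ip6tables without duplicates and without the rule being shadowed.
# Assumes root and iptables/ip6tables on PATH. Function names are this
# example's own.

# is_ipv4 ADDRESS: accept a dotted quad with an optional /prefix and reject
# anything else, so a typo never becomes a rule that matches nothing.
is_ipv4() {
    addr=${1%/*}
    prefix=${1#"$addr"}                  # "" or "/NN"
    case $prefix in
        '') ;;
        /*) prefix=${prefix#/}
            case $prefix in ''|*[!0-9]*) return 1 ;; esac
            [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in *.|.*) return 1 ;; esac   # leading/trailing dot
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ipt_for ADDRESS: an IPv6 address contains ':' and needs ip6tables; an
# iptables rule only lives in the IPv4 table and never blocks a v6 source.
ipt_for() {
    case $1 in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# block_ip ADDRESS [TCP_PORT]
# Inserts the DROP at the head of INPUT (-I INPUT 1) instead of appending it
# (-A): an appended rule sits behind any earlier ACCEPT (established
# connections, port 22, ...) and never sees the packets those rules accepted.
# iptables -C looks for an identical rule first, so re-running is harmless.
block_ip() {
    ip=$1
    port=${2:-}
    ipt=$(ipt_for "$ip")
    if [ "$ipt" = iptables ] && ! is_ipv4 "$ip"; then
        echo "block_ip: '$ip' is not a valid IPv4 address" >&2
        return 2
    fi
    case $port in *[!0-9]*) echo "block_ip: port must be numeric" >&2; return 2 ;; esac
    # Build the rule specification once so -C and -I see exactly the same rule.
    set -- -s "$ip"
    if [ -n "$port" ]; then
        set -- "$@" -p tcp --dport "$port"
    fi
    set -- "$@" -j DROP
    if "$ipt" -C INPUT "$@" 2>/dev/null; then
        echo "already present: $ipt INPUT $*"
        return 0
    fi
    "$ipt" -I INPUT 1 "$@"
    echo "inserted: $ipt -I INPUT 1 $*"
}

# Usage:  block_ip 172.20.10.4        # every port
#         block_ip 172.20.10.5 80     # TCP port 80 only
# Persist the result afterwards, otherwise it is gone at the next reboot.
```

Because -I INPUT 1 places the rule ahead of any ESTABLISHED,RELATED accept rule, an attacker's already-open connections are cut as well, which is normally what you want when blocking a hostile host.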

Save iptables Rules

iptables rules live only in kernel memory, so a reboot discards them. To keep a block across reboots you must write the rule set to disk and have it restored at boot.

On CentOS/RHEL 6, and on CentOS/RHEL 7 or later and Fedora when the iptables-services package is installed, the init script writes the running rules to /etc/sysconfig/iptables, from where they are restored at boot. On releases where firewalld is the default firewall this command does not exist; manage the block through firewalld there rather than mixing the two.

service iptables save

On Ubuntu/Debian, install the iptables-persistent package (it pulls in netfilter-persistent, which restores the saved rules at boot). During installation it asks whether to save the current IPv4 and IPv6 rules; answer yes.

apt-get update && apt-get install -y iptables-persistent

Once installed, save the running IPv4 and IPv6 rule sets to /etc/iptables/rules.v4 and /etc/iptables/rules.v6 with:

service netfilter-persistent save

You should see the following output:

 * Saving netfilter rules...
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
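Saving a rule set also freezes any ordering mistake in it. The following added check (not from the original article) reads iptables-save output and reports every DROP rule that sits behind an unrestricted ACCEPT in the same chain, so the order can be fixed before it is persisted. The function name audit_drops and the rule lines in the usage comment are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original article: before persisting a rule
# set, find DROP rules that an earlier ACCEPT in the same chain shadows.
# Reads `iptables-save` (or `iptables -S`) output on stdin.

# audit_drops: for every DROP that names a source (-s), report each earlier
# ACCEPT in the same chain that does not restrict the source. Packets from the
# blocked address that match such an ACCEPT are accepted before the DROP is
# ever consulted. Exit status is 1 when something is shadowed, 0 otherwise, so
# the function can gate the save. (A negated "! -s" counts as restricted here;
# good enough for an audit of the rules this article adds.)
audit_drops() {
    awk '
    $1 == "-A" {
        chain = $2
        n[chain]++
        rule = ""; target = ""; src = ""
        for (i = 3; i <= NF; i++) {
            sep = (i > 3) ? " " : ""
            rule = rule sep $i
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s") src = $(i + 1)
        }
        if (target == "ACCEPT" && src == "")
            accepts[chain] = accepts[chain] n[chain] ": " rule "\n"
        if (target == "DROP" && src != "" && accepts[chain] != "") {
            found = 1
            printf "%s rule %d (DROP %s) is shadowed by:\n", chain, n[chain], src
            cnt = split(accepts[chain], a, "\n")
            for (k = 1; k <= cnt; k++)
                if (a[k] != "") printf "  %s rule %s\n", chain, a[k]
        }
    }
    END { exit (found ? 1 : 0) }'
}

# Usage: iptables-save | audit_drops && netfilter-persistent save
#
# With a chain such as (constructed illustration)
#   -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#   -A INPUT -s 172.20.10.4/32 -j DROP
# the DROP is reported, because the first rule keeps accepting packets that
# belong to connections 172.20.10.4 opened before the block was added.
```

An ACCEPT that carries its own -s (for example an allow for a management network) is left out of the report, since it cannot match packets from the blocked address.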

Delete the DROP Rule

To remove the rules added above, repeat each rule specification with -D (delete) in place of -A. The specification must match the existing rule exactly, and -D removes one matching rule per invocation, so a rule that was added twice has to be deleted twice:

iptables -D INPUT -s 172.20.10.4 -j DROP
iptables -D INPUT -s 172.20.10.5 -p tcp --destination-port 80 -j DROP

Then save again so the deletion also survives a reboot (Debian/Ubuntu shown; on CentOS/RHEL use service iptables save as above):

service netfilter-persistent save

Block an IP Address with UFW

UFW stands for "Uncomplicated Firewall" and is Ubuntu's default firewall configuration tool. It provides an easy-to-use command-line interface for people unfamiliar with firewall concepts.

This section will use the UFW firewall to block the IP address.

Block Access to All Ports

You can use the following syntax to block an IP address from accessing your server.

ufw deny from ip-address to any

If UFW is not active yet, enable it first. UFW's default policy denies incoming connections, so before enabling it over SSH make sure your SSH port is allowed (ufw allow ssh), or you will lock yourself out:

ufw enable

Next, block 172.20.10.4 on every port. UFW appends new rules after the existing ones and evaluates them in order, so if an allow rule for, say, port 22 is already present the address can still reach port 22; use the insert subcommand with position 1 instead of deny when the block must be evaluated first:

ufw deny from 172.20.10.4 to any

The rule takes effect immediately while UFW is active; the reload below only re-reads the saved rule files and is optional:

ufw reload

You can see the blocked IP address with the following command:

ufw status

You should see the following output:

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        172.20.10.4

Block Access to a Specific Port

You can also block the IP address only on a specific port using the following syntax:

ufw deny from ip-address to any port port-number

For example, to block 172.20.10.5 on port 80 only (both TCP and UDP, since no protocol is given):

ufw deny from 172.20.10.5 to any port 80

As before, the rule is live immediately and the reload is optional:

ufw reload

You can see the blocked IP address and port with the following command:

ufw status

You should see the following output:

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        172.20.10.4
80                         DENY        172.20.10.5

Delete the Deny Rule

To delete a specific rule you added earlier, first list the rules with their numbers:

ufw status numbered

You should see the following output:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     172.20.10.4
[ 2] 80                         DENY IN     172.20.10.5

Then delete rule 1 by number. UFW renumbers the remaining rules after every deletion, so list again before deleting the next one, or delete by specification instead (ufw delete deny from 172.20.10.4 to any), which needs no number:

ufw delete 1

You should see the following output:

Deleting:
 deny from 172.20.10.4
Proceed with operation (y|n)? y
Rule deleted

The deletion is applied immediately; a reload is not required, but does no harm:

ufw reload
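As an added example covering the three UFW steps above (not part of the original article): ufw_block inserts the deny ahead of existing allow rules, ufw_rule_numbers finds the rule numbers for an address in `ufw status numbered` output, and ufw_unblock deletes them from the highest number down so renumbering cannot hit the wrong rule. It assumes root and ufw on PATH; the function names and the sample listing are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original article: block and unblock an
# address with UFW while respecting rule order and renumbering. Assumes root
# and ufw on PATH; function names are this example's own.

# ufw_block ADDRESS [PORT]
# UFW evaluates rules in order and appends new ones at the end, so a deny added
# after "allow 22/tcp" still lets ADDRESS reach port 22. "insert 1" puts the
# deny first; it needs at least one existing rule, hence the fallback to a
# plain deny. UFW refuses to add a duplicate rule itself ("Skipping adding
# existing rule"), so no existence check is needed.
ufw_block() {
    addr=$1
    port=${2:-}
    set -- deny from "$addr" to any
    if [ -n "$port" ]; then
        set -- "$@" port "$port"
    fi
    if ufw status numbered | grep -q '^\['; then
        ufw insert 1 "$@"
    else
        ufw "$@"
    fi
}

# ufw_rule_numbers ADDRESS: read `ufw status numbered` on stdin and print the
# numbers of the rules whose From column is exactly ADDRESS, highest first.
ufw_rule_numbers() {
    awk -v ip="$1" '
    /^\[ *[0-9]+]/ && $NF == ip {
        match($0, /^\[ *[0-9]+]/)
        num = substr($0, RSTART + 1, RLENGTH - 2)   # strip "[" and "]"
        gsub(/ /, "", num)
        print num
    }' | sort -rn
}

# ufw_unblock ADDRESS: delete every rule naming ADDRESS. UFW renumbers the
# remaining rules after each delete, so working from the highest number down
# keeps the numbers taken from a single listing valid. --force skips the
# "Proceed with operation (y|n)?" prompt.
ufw_unblock() {
    for num in $(ufw status numbered | ufw_rule_numbers "$1"); do
        ufw --force delete "$num"
    done
}

# Usage:  ufw_block 172.20.10.5 80      # then later:  ufw_unblock 172.20.10.5
```

Deleting by specification (ufw delete deny from 172.20.10.5 to any port 80) avoids the numbering problem altogether, but only removes the one rule you spell out; the number-based loop above catches every rule that names the address, including ones added with a different port.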

Frequently Asked Questions

How do I block an IP address on an Ubuntu server?

On Ubuntu (16.04 LTS and later) UFW is normally preinstalled; install the ufw package if it is missing. Allow the port you manage the server over first (ufw allow ssh), enable the firewall with ufw enable, then block the address with ufw deny from ADDRESS to any, or with ufw insert 1 deny from ADDRESS to any so that the rule is evaluated before any allow rules. Confirm the result with ufw status.

How do I block an IP address on a Windows server?

Follow the steps below to block an address with the built-in Windows firewall. Block rules take precedence over allow rules there, so the rule wins regardless of its position in the list.

1. Log in to the server.

2. Open the Start menu, type "Windows Defender Firewall with Advanced Security" (on older releases "Windows Firewall with Advanced Security") and open it.

3. Click Inbound Rules in the left pane. This shows the currently configured rules.

4. In the Actions pane on the right, click New Rule.

5. Choose Custom for the rule type, All programs for the program, and Any for the protocol type under Protocol and Ports.

6. On the Scope page, under "Which remote IP addresses does this rule apply to?", select "These IP addresses", click Add and enter the address or range you want to block. Leave the local addresses set to Any.

7. Select "Block the connection" for the action.

8. For the profile, tick Domain, Private and Public.

9. Give the rule a name that records which address it blocks and why, then click Finish.

Does UFW conflict with iptables?

Yes, if you mix them. UFW is a front end that generates iptables rules into its own chains (ufw-before-input, ufw-user-input and so on). Whenever it is enabled, disabled or reloaded it rebuilds the rule set from its own files, so rules you add by hand with iptables, or from your own scripts, are discarded. On a host that uses UFW, add blocks through ufw itself (or place custom rules in /etc/ufw/before.rules), and expect the same clash with any other tool that writes firewall rules directly.

How do I block an IP address on a router?

Open the router's administration page by entering its LAN address in a browser, locate the IP filtering, access control or firewall section (vendors name it differently; "Internet Filtering" on some), enable it, and add the addresses you want to block. A router filter protects every device behind it, but only for traffic that actually crosses the router.

How do I block an IP address at the network level?

On a network firewall or gateway appliance there are typically two places to do it. The first is the packet-filter rule set (the menu path Config > Network > Filter Rules belongs to the appliance this answer was written for; look for the equivalent on yours). Choose the Source Address condition to block traffic coming from an address, or the Destination Address condition to block traffic going to it. Filter rules act at the network layer and apply to all traffic crossing the device, regardless of policy.

The second is the appliance's Firewall application. It is policy-scoped, so the block applies only to the policy it is placed in, whereas filter rules apply to every policy; and because it inspects traffic at layer 7 it can match on more than addresses and ports.

How do I block connections from foreign IP addresses?

Blocking by country requires a firewall or WAF/CDN service with geo-IP filtering. In such a service, open its threat-control or access-rules page, add a custom rule, pick the country from the list and set the action to Block; repeat for each country you want on the block list. Geo-blocking relies on a GeoIP database's mapping of source addresses to countries, so it is coarse and trivially bypassed through a VPN, proxy or cloud host in an allowed country; treat it as noise reduction, not as access control.

Conclusion

When a particular address is attacking or abusing your server or website, blocking it at the host firewall is the quickest remedy. The exact commands vary by operating system and firewall, but the idea is the same: a deny rule for the source address, placed where no earlier allow rule can pre-empt it, and saved so that it survives a reboot.

This guide showed how to do that on Linux with iptables and with UFW.