How to Block IP Accessing Your Linux Server with Iptables and UFW Firewall

linux

Simon Bennett 17th March 2020

If you are a system administrator responsible for securing your infrastructure, you will often need to block the IP address of a host that is trying to breach your security. On a Linux server you can block an IP address with either the Iptables or the UFW firewall.

In this tutorial, we will show you how to block an IP address using Iptables and UFW firewall.

Block IP Address with Iptables

Iptables is a rule-based firewall for Unix-based operating systems. It comes pre-installed in all Linux operating systems and is used for controlling incoming and outgoing packets.

In this section, we will use the Iptables firewall to block the IP address.

Block Access to All Ports

You can use the following syntax to block an IP address from accessing your server.

iptables -A INPUT -s IP-ADDRESS -j DROP

For example, you can block the IP address 172.20.10.4 completely with the following command:

iptables -A INPUT -s 172.20.10.4 -j DROP

You can see the blocked IP address with the following command:

iptables -L

You should see the following output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  172.20.10.4          anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Block Access to Specific Port

You can also block the IP address only on a specific port using the following syntax:

iptables -A INPUT -s IP-ADDRESS -p tcp --destination-port port_number -j DROP

For example, to block the IP address 172.20.10.5 only on port 80, run the following command:

iptables -A INPUT -s 172.20.10.5 -p tcp --destination-port 80 -j DROP

You can see the blocked IP address and port with the following command:

iptables -L

You should see the following output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  172.20.10.4          anywhere
DROP       tcp  --  172.20.10.5          anywhere             tcp dpt:http

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Save Iptables Rule

Iptables rules are not persistent: after the system restarts, the rule you added will be gone. So you will need to save the Iptables rules permanently on your system.

On CentOS/RHEL/Fedora, you can save the Iptables rule with the following command:

service iptables save

On Ubuntu/Debian, you will need to install the iptables-persistent package on your system. You can install it with the following command:

apt-get update -y && apt-get install iptables-persistent -y

Once installed, you can save the Iptables rule with the following command:

service netfilter-persistent save

You should see the following output:

* Saving netfilter rules... run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save

Delete the DROP Rule

If you want to delete the rules you added in the previous steps, run the following commands:

iptables -D INPUT -s 172.20.10.4 -j DROP

iptables -D INPUT -s 172.20.10.5 -p tcp --destination-port 80 -j DROP

Next, run the following command to save the changes you have made:

service netfilter-persistent save
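The commands above append (-A) a DROP rule to the end of the INPUT chain. Iptables evaluates rules in order, so if an earlier rule already ACCEPTs traffic from that address, an appended DROP never fires; inserting at the head of the chain (-I) avoids that. The following shell script is an added example, not code from the original article: it wraps the article's block and delete commands in helper functions (valid_ipv4, rule_args, check_input, block_ip and unblock_ip are constructed names) that validate the address and port before they reach iptables, check with -C so that repeated runs do not pile up duplicate rules, and delete only a rule that exists. The DRY_RUN switch is also an assumption of this example; with it set, the helpers print the iptables command lines instead of running them, which is how they can be exercised without root or a live firewall.

```shell
#!/bin/sh
# Added example, not part of the original article: idempotent iptables block
# and unblock helpers for a source IPv4 address, on all ports or one TCP port.
# DRY_RUN=1 (a constructed switch) prints the commands instead of running them.

# Validate a dotted-quad IPv4 address with an optional /prefix (0-32).
valid_ipv4() {
  case "$1" in
    ""|*[!0-9./]*|.*|*.|*..*|*/*/*) return 1 ;;
  esac
  addr=${1%%/*}
  prefix=${1#*/}
  if [ "$prefix" = "$1" ]; then prefix=32; fi   # no "/" given: host address
  [ "$prefix" -ge 0 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
  set -- $(printf '%s' "$addr" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -ge 0 ] 2>/dev/null && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the rule specification (everything after -A/-I/-D/-C) for address $1
# on all ports, or on TCP port $2 when a port is given. Same rule shape as
# the article's commands.
rule_args() {
  if [ -n "$2" ]; then
    printf 'INPUT -s %s -p tcp --destination-port %s -j DROP' "$1" "$2"
  else
    printf 'INPUT -s %s -j DROP' "$1"
  fi
}

# Reject anything that is not an address plus an optional port (1-65535)
# before it reaches iptables; returns 2 on bad input.
check_input() {
  valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
  if [ -n "$2" ]; then
    [ "$2" -ge 1 ] 2>/dev/null && [ "$2" -le 65535 ] ||
      { echo "invalid port: $2" >&2; return 2; }
  fi
}

# Insert the DROP at the head of INPUT (-I) so it precedes any earlier ACCEPT.
# -C exits 0 when the identical rule is already present, so calling this
# twice does not add a second copy. $args is word-split on purpose.
block_ip() {
  check_input "$1" "$2" || return 2
  args=$(rule_args "$1" "$2")
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "iptables -C $args 2>/dev/null || iptables -I $args"
  else
    iptables -C $args 2>/dev/null || iptables -I $args
  fi
}

# Delete the same rule again, but only if it is actually present.
unblock_ip() {
  check_input "$1" "$2" || return 2
  args=$(rule_args "$1" "$2")
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "iptables -C $args 2>/dev/null && iptables -D $args"
  else
    iptables -C $args 2>/dev/null && iptables -D $args
  fi
}

# Demo with the article's addresses when run as: DRY_RUN=1 sh block_ip.sh
# (block_ip.sh is a constructed file name).
if [ "${DRY_RUN:-0}" = 1 ]; then
  block_ip 172.20.10.4
  block_ip 172.20.10.5 80
  unblock_ip 172.20.10.4
fi
```

After a real (non-dry) run, save the rules exactly as the article describes (service iptables save or service netfilter-persistent save), otherwise the block is lost at the next reboot. When checking the result, iptables -L -n -v --line-numbers is more useful than plain iptables -L: -n skips the reverse DNS lookup that turns addresses into hostnames (and can stall the listing), -v shows the packet and byte counters so you can confirm the rule is actually matching, and --line-numbers gives the position you would use to delete by number. These helpers cover IPv4 only; a host that also reaches you over IPv6 needs the corresponding ip6tables rule.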

Block IP Address with UFW

UFW ("Uncomplicated Firewall") is the default firewall configuration tool for Ubuntu. It provides an easy-to-use command-line interface for people unfamiliar with firewall concepts.

In this section, we will use the UFW firewall to block the IP address.

Block Access to All Ports

You can use the following syntax to block an IP address from accessing your server.

ufw deny from ip-address to any

First, you will need to enable the UFW firewall in your system. You can enable it with the following command:

ufw enable

Next, block the IP address 172.20.10.4 with the following command:

ufw deny from 172.20.10.4 to any

Now, run the following command to apply the changes:

ufw reload

You can see the blocked IP address with the following command:

ufw status

You should see the following output:

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        172.20.10.4

Block Access to Specific Port

You can also block the IP address only on a specific port using the following syntax:

ufw deny from ip-address to any port port-number

For example, to block the IP address 172.20.10.5 only on port 80, run the following command:

ufw deny from 172.20.10.5 to any port 80

Now, run the following command to apply the changes:

ufw reload

You can see the blocked IP address and port with the following command:

ufw status

You should see the following output:

Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        172.20.10.4
80                         DENY        172.20.10.5

Delete the Deny Rule

You can also delete specific rules that you added earlier.

First, list all rules with their numbers using the following command:

ufw status numbered

You should see the following output:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     172.20.10.4
[ 2] 80                         DENY IN     172.20.10.5

Next, delete rule number 1 with the following command:

ufw delete 1

You should see the following output:

Deleting:
 deny from 172.20.10.4
Proceed with operation (y|n)? y
Rule deleted

Now, reload the firewall rule to apply the changes:

ufw reload
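Rule numbers in ufw status numbered are positions, not identifiers: after ufw delete 1 runs, the former rule 2 becomes rule 1, so a number remembered from an earlier listing can delete the wrong rule. The script below is an added example and not code from the original article: it parses the numbered listing and looks the number up by the rule's From column (and optionally its To column) immediately before deleting. ufw_rule_number and ufw_delete_rule_for are constructed names; SAMPLE_STATUS is a constructed copy of the article's listing with a third rule added, and UFW_STATUS and DRY_RUN are assumed switches that let the delete helper be exercised offline without a live UFW.

```shell
#!/bin/sh
# Added example, not part of the original article: find a UFW rule number by
# content in "ufw status numbered" output and delete by that number, so the
# delete still targets the intended rule after earlier deletes renumbered
# the list.

# Constructed sample of "ufw status numbered" output: the article's two DENY
# rules plus an ALLOW rule for SSH to show a non-address From column.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     172.20.10.4
[ 2] 80                         DENY IN     172.20.10.5
[ 3] 22/tcp                     ALLOW IN    Anywhere'

# ufw_rule_number STATUS FROM [TO]
# Prints the number of the first rule whose From column equals FROM (and
# whose To column equals TO, when given). Exit status 1 if nothing matches.
ufw_rule_number() {
  printf '%s\n' "$1" | awk -v from="$2" -v to="$3" '
    match($0, /^\[ *[0-9]+\]/) {
      num = substr($0, 2, RLENGTH - 2); gsub(/ /, "", num)
      rest = substr($0, RLENGTH + 1)
      # The Action column (ALLOW/DENY/REJECT/LIMIT plus a direction) separates
      # To from From; both may contain spaces, e.g. "Anywhere (v6)".
      if (match(rest, / +(ALLOW|DENY|REJECT|LIMIT)( IN| OUT| FWD)? +/)) {
        t = substr(rest, 1, RSTART - 1); sub(/^ +/, "", t); sub(/ +$/, "", t)
        f = substr(rest, RSTART + RLENGTH); sub(/^ +/, "", f); sub(/ +$/, "", f)
        if (f == from && (to == "" || t == to)) { print num; found = 1; exit }
      }
    }
    END { exit found ? 0 : 1 }'
}

# ufw_delete_rule_for FROM [TO]
# Re-reads the live numbered listing (or $UFW_STATUS when set, for offline
# use) right before deleting, then deletes by the number found. DRY_RUN=1
# prints the delete command instead of running it.
ufw_delete_rule_for() {
  status=${UFW_STATUS:-$(ufw status numbered)}
  n=$(ufw_rule_number "$status" "$1" "$2") || {
    echo "no UFW rule from $1${2:+ to $2}" >&2; return 1; }
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "ufw delete $n"
  else
    ufw delete "$n"
  fi
}

# Demo against the constructed listing: UFW_STATUS="$SAMPLE_STATUS" DRY_RUN=1 sh ufw_delete.sh
# (ufw_delete.sh is a constructed file name).
if [ "${DRY_RUN:-0}" = 1 ] && [ -n "$UFW_STATUS" ]; then
  ufw_delete_rule_for 172.20.10.5 80
fi
```

UFW can also delete a rule by repeating its specification instead of its number, for example ufw delete deny from 172.20.10.4 to any, which sidesteps the renumbering problem entirely. The same ordering caveat as with Iptables applies when adding: UFW evaluates rules in order, so a deny appended after an existing allow for the same traffic has no effect; ufw insert 1 deny from 172.20.10.4 to any places the deny at the top.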

Conclusion

In the above guide, we learned how to block an IP address with the Iptables and UFW firewalls. I hope you can now protect your server by blocking unauthorized IP addresses.
