To block or unblock an IP address, update the iptables rules (requires root or sudo).
List existing IP Address rules
# iptables -L
Block an IP address
iptables -A INPUT -s IP_ADDRESS -j DROP
iptables -A OUTPUT -d IP_ADDRESS -j DROP
# iptables -A INPUT -s 198.20.69.74 -j DROP
To block the IP address from accessing a specific port, use:
iptables -A INPUT -s IP_ADDRESS -p tcp --destination-port PORT -j DROP
# iptables -A INPUT -s 198.20.69.74 -p tcp --destination-port 22 -j DROP
Save the configuration and refresh the firewall
# service iptables save
# service iptables restart
Block a range of IP addresses
iptables -A INPUT -s xxx.yyy.zzz.12/16 -j DROP
Unblock an IP Address
iptables -D INPUT -s IP_ADDRESS -j DROP
# iptables -D INPUT -s 198.20.69.74 -j DROP
# service iptables save
# service iptables restart
Another way is to edit /etc/sysconfig/iptables manually, but that approach is not recommended.
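When the address comes from a script or a log rather than being typed by hand, validate it before it reaches a root iptables call, since -s also accepts hostnames and a malformed value can create a rule you did not intend. The following is an added example, not part of the original page; the helper names valid_ipv4, valid_port and drop_rule are hypothetical, and it only prints the block, port-block and unblock commands shown above so they can be reviewed before running.

```shell
#!/bin/sh
# Added example; valid_ipv4, valid_port and drop_rule are hypothetical helper names.

# Succeeds only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds only for a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# drop_rule block|unblock IP [PORT]
# Prints the iptables command from this page; prints nothing and fails on bad input.
drop_rule() {
    action=$1; ip=$2; port=${3:-}
    case "$action" in
        block)   flag=-A ;;
        unblock) flag=-D ;;
        *)       return 2 ;;
    esac
    valid_ipv4 "$ip" || return 1
    if [ -n "$port" ]; then
        valid_port "$port" || return 1
        echo "iptables $flag INPUT -s $ip -p tcp --destination-port $port -j DROP"
    else
        echo "iptables $flag INPUT -s $ip -j DROP"
    fi
}

# Example: drop_rule block 198.20.69.74 22
```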