Difference between revisions of "Linux ipblock"

Revision as of 21:42, 20 July 2015

Why Block IP Addresses

When running my server I found in the logs that I was getting a lot of users that were just scanning my server for openings. So I decided to start blocking IP Addresses.

Fedora Block IP Addresses IPTable

This is a way of blocking IP Addresses in Fedora.

This command will add an IP Address to the blocked list.

 # iptables -A INPUT -s 65.55.44.100 -j DROP

This command will block a range of IPs Just use 255 as *

 # iptables -I INPUT -s 30.30.0.0/255.255.0.0 -j DROP  // This would drop all 30.30.*.*
 # iptables -I INPUT -s 30.30.30.0/255.255.255.0 -j DROP // This would drop all 30.30.30.*

This command shows all the iptable references.

 # iptables -L

This will remove and IP Address from the IPTable rules. (untested)

 # iptables -D INPUT -s xx.xxx.xx.xx -j DROP

or if you know the position

 # iptables -D INPUT 5

Fedora Block PORTS from the out side

This will block ports from outside connections.

 # iptables -A INPUT -p tcp --dport 3306 -j DROP

Block attempted loggins

Block any IP address who has made more than 3 ssh connections or attempted connections within the past 3 minutes. So your would-be brute force attacker, gets three tries, and then is locked out for a minimum of three minutes.

 iptables -A INPUT  -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH--rsource
 iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name SSH--rsource -j DROP

http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html