How Do I Block an IP Address on ubuntu?


If you want to block an IP from using the MASQUERADE rule, you need to put that rule in the FORWARD chain, not the INPUT chain.

    iptables -I FORWARD -s 69.171.229.11 -j DROP
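To check a saved ruleset like the one in the question before rebooting, this added example (not from the answer above or from the iptables project) parses iptables-save output and reports which filter chain drops a given address, so a DROP that only sits in INPUT on a forwarding host is spotted. The sample dump is constructed from the question's file, and the helper names are my own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the saved ruleset from the question, as iptables-save wrote it.
SAMPLE_DUMP = """\
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*nat
:PREROUTING ACCEPT [870:97719]
:POSTROUTING ACCEPT [283:23151]
:OUTPUT ACCEPT [461:28753]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [4914:3254723]
:FORWARD ACCEPT [2382:1222521]
:OUTPUT ACCEPT [4010:410041]
-A INPUT -s 98.137.149.56/32 -j DROP
COMMIT
"""

def parse_dump(text):
    """Map (table, chain) -> list of '-A' rule lines, in evaluation order."""
    rules = defaultdict(list)
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # '*nat', '*filter': start of a table
            table = line[1:]
        elif line.startswith("-A ") and table:
            rules[(table, line.split()[1])].append(line)
    return rules

def drop_chains(text, ip):
    """Set of (table, chain) whose DROP rules have a -s covering ip (CIDR aware)."""
    addr = ipaddress.ip_address(ip)
    hits = set()
    for key, lines in parse_dump(text).items():
        for rule in lines:
            m = re.search(r"(?<!! )-s\s+(\S+)", rule)   # plain '-s', not a negated '! -s'
            if m and "-j DROP" in rule and addr in ipaddress.ip_network(m.group(1), strict=False):
                hits.add(key)
    return hits

def router_block_status(text, ip):
    """On a NAT router only filter/FORWARD sees traffic passing through the box."""
    hits = drop_chains(text, ip)
    if ("filter", "FORWARD") in hits:
        return "blocked for forwarded (NATed) traffic"
    if ("filter", "INPUT") in hits:
        return "only blocked for traffic addressed to the router itself (INPUT)"
    return "not blocked in any filter chain"
```

Run it against `/etc/network/iptables` (or `iptables-save` output) with the address you intend to block; the verdict tells you whether the rule landed in the chain that actually sees the NATed traffic.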


Author: Jerry

Updated on September 18, 2022

Comments

  • Jerry (over 1 year)

    I have configured an Ubuntu machine as a router. The steps of the NAT configuration are given below:

    #iptables -F
    #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    #iptables-save > /etc/network/iptables


    Then I kept this file location in rc.local:

    #vi /etc/rc.local

    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    /sbin/iptables-restore < /etc/network/iptables
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    exit 0

    #reboot


    It works. Now I want to block an IP address. To do this, I have executed the following commands:

    #iptables -A INPUT -s 69.171.229.11 -j DROP
    #iptables-save > /etc/network/iptables
    #reboot


    But it does not work.

    vi /etc/network/iptables now looks like this:

    # Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
    *nat
    :PREROUTING ACCEPT [870:97719]
    :POSTROUTING ACCEPT [283:23151]
    :OUTPUT ACCEPT [461:28753]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Tue Feb 14 11:21:16 2012
    # Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
    *filter
    :INPUT ACCEPT [4914:3254723]
    :FORWARD ACCEPT [2382:1222521]
    :OUTPUT ACCEPT [4010:410041]
    -A INPUT -s 98.137.149.56/32 -j DROP
    COMMIT
    # Completed on Tue Feb 14 11:21:16 2012


    What am I missing to block an IP address?

    • MastaJeet (over 12 years)
      After you execute this, what is the output of iptables -L -v -n?
    • David Schwartz (over 12 years)
      Are you trying to block the IP from connecting to the machine? Or from routing through the machine? The INPUT chain is only for packets that are delivered locally. (Check ip route show table local to see what is local.)
  • G. Bach (over 12 years)
    While it is true that the order of rules in iptables matters, by the looks of it he only has one rule in them. The rest are just the policies, which always are shown first with iptables -S and always are evaluated last.