How Do I Block an IP Address on Ubuntu?
If you want to block an IP from using the MASQUERADE rule you need to put that rule in the FORWARD chain, not the INPUT chain.
iptables -I FORWARD -s 69.171.229.11 -j DROP
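A check for the mistake this answer describes, as an added example that is not part of the original answer: it reads an iptables-save dump and lists source addresses that are blocked only in INPUT on a host that masquerades. The function names and the awk logic are this example's own assumptions; the embedded rule set is the one from the question with its counters zeroed.

```shell
# Added example: find source blocks that exist only in INPUT on a NAT router.
# Reads iptables-save output on stdin. Prints each source address that is
# DROPped/REJECTed in filter INPUT but has no such rule in filter FORWARD.
# Prints nothing when the dump has no MASQUERADE rule (host is not doing NAT).
# Limitation: only -s and -j are compared; ports, interfaces etc. are ignored.
input_only_blocks() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter" open a table
        $1 != "-A" { next }                     # skip comments, policies, COMMIT
        {
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
        }
        table == "nat" && target == "MASQUERADE" { nat = 1 }
        table != "filter" || src == "" { next }
        target != "DROP" && target != "REJECT" { next }
        $2 == "INPUT" && !(src in in_seen) { in_seen[src] = 1; order[++n] = src }
        $2 == "FORWARD" { fwd_seen[src] = 1 }
        END {
            if (!nat) exit
            for (k = 1; k <= n; k++)
                if (!(order[k] in fwd_seen)) print order[k]
        }
    '
}

# Rule set from the question's saved file, with packet counters zeroed.
dump_from_question() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 98.137.149.56/32 -j DROP
COMMIT
EOF
}

# On a live router (as root): iptables-save | input_only_blocks
dump_from_question | input_only_blocks
```

An address printed here is still forwarded for clients behind the router, because routed packets traverse FORWARD and never reach INPUT.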
Author: Jerry
Updated on September 18, 2022
Comments
-
Jerry over 1 year
I have configured an Ubuntu machine as a router. The steps of the NAT configuration are given below:
# iptables -F
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables-save > /etc/network/iptables
Then I kept this file location in rc.local:
# vi /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
/sbin/iptables-restore < /etc/network/iptables
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exit 0
# reboot
It works. Now I want to block an IP address. To do this, I have executed the following commands:
# iptables -A INPUT -s 69.171.229.11 -j DROP
# iptables-save > /etc/network/iptables
# reboot
But it does not work.
vi /etc/network/iptables now looks like this:
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*nat
:PREROUTING ACCEPT [870:97719]
:POSTROUTING ACCEPT [283:23151]
:OUTPUT ACCEPT [461:28753]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 14 11:21:16 2012
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*filter
:INPUT ACCEPT [4914:3254723]
:FORWARD ACCEPT [2382:1222521]
:OUTPUT ACCEPT [4010:410041]
-A INPUT -s 98.137.149.56/32 -j DROP
COMMIT
# Completed on Tue Feb 14 11:21:16 2012
What am I missing to block an IP address?
-
MastaJeet over 12 years
After you execute this, what is the output of iptables -L -v -n?
-
David Schwartz over 12 years
Are you trying to block the IP from connecting to the machine? Or from routing through the machine? The INPUT chain is only for packets that are delivered locally. (Check ip route show table local to see what is local.)
-
G. Bach over 12 years
While it is true that the order of rules in iptables matters, by the looks of it he only has one rule in them. The rest are just the policies, which always are shown first with iptables -S and always are evaluated last.