How to block access to a server by IP address on Linux

Sometimes you might want to block connections to your server from a specific IP address, for example when someone tries to attack your system. This can be done in several different ways, e.g. with iptables (firewall) rules or by setting up a reject route.

Reject access with Linux route command

Using iptables sometimes causes conflicts with installed firewalls, so I will use the route command here. The command is:

route add -host 192.168.0.123 reject

Replace 192.168.0.123 with the IP address that you want to block and run the command as the root user in a shell.

Use this command to remove the blocked route:

route del 192.168.0.123 reject

To list all blocked routes, use the command:

route -n
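
The following script is an added example, not part of the original article. It wraps the commands above so that only a literal IPv4 address is ever passed to route, an address is not added twice, and the reject routes are filtered out of the full route -n listing. The function names, the file name blockip.sh and the sample routing table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrappers around the article's route commands.
# Constructed sample of `route -n` output; the "!" flag marks a reject route.
SAMPLE_ROUTE_N='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.123   -               255.255.255.255 !H    0      -        0 -'

# Succeeds only for a dotted-quad IPv4 address. `route` also accepts
# hostnames, so an unchecked argument could block whatever it resolves to.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads `route -n` output on stdin, prints destinations flagged as reject.
rejected_hosts() {
    awk '$4 ~ /!/ { print $1 }'
}

# Adds the reject route unless the address is invalid or already blocked.
block_ip() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    if route -n | rejected_hosts | grep -Fxq -- "$1"; then
        echo "$1 is already blocked"
        return 0
    fi
    route add -host "$1" reject
}

# Usage (as root): sh blockip.sh block 192.168.0.123
#                  sh blockip.sh list
case "${1:-}" in
    block) block_ip "${2:-}" ;;
    list)  route -n | rejected_hosts ;;
esac
```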

4 thoughts on “How to block access to a server by IP address on Linux”

  1. Problem found with this method is that the routes table gets rebuilt upon reboot. You must find some method to reload the IPs you wish to keep blocked. Better to change fail2ban to use the route table and block specific IPs or IP ranges with IPTables. From what I read you must also disable the (bastille) firewall in ISPConfig or it overwrites manual entries.
