Sometimes you might want to block connections to your server by IP address, e.g. when someone tries to attack your system. This can be done in several different ways, e.g. with iptables (firewall) rules or by setting up a reject route. Using iptables sometimes causes conflicts with installed firewalls, so I will use the route command here. The command is:

/sbin/route add -host 192.168.0.123 reject

Replace 192.168.0.123 with the IP address that you want to block and execute the command as root user on the shell.
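
Routes added this way live only in the kernel routing table and are gone after a reboot, so a list of blocked addresses has to be re-applied from a file. The sketch below is an added example, not part of the original post: it goes beyond the single command above by validating each entry and printing only the route commands that are still needed. The function names, the sample data and the file name /etc/blocked-ips.txt are assumptions.

```sh
# Dry-run planner for reject routes: prints commands, executes nothing.
# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read `route -n` output on stdin; print hosts that already have a reject
# route. net-tools marks these with "!" (reject) and "H" (host) in Flags.
rejected_hosts() {
    awk '$4 ~ /!/ && $4 ~ /H/ { print $1 }'
}

# $1 = text of `route -n`; blocklist on stdin (one address per line, "#"
# comments). Prints one command per address that is not yet rejected.
plan_blocks() {
    active=$(printf '%s\n' "$1" | rejected_hosts)
    while read -r ip rest; do
        case $ip in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        if printf '%s\n' "$active" | grep -qxF "$ip"; then continue; fi
        echo "/sbin/route add -host $ip reject"
    done
    return 0
}

# Constructed sample data (not captured from a real system).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.123   -               255.255.255.255 !H    0      -        0 -'
SAMPLE_BLOCKLIST='# constructed blocklist
192.168.0.123
203.0.113.7
198.51.100.300
example.org'

printf '%s\n' "$SAMPLE_BLOCKLIST" | plan_blocks "$SAMPLE_ROUTES"
# As root (hypothetical file): plan_blocks "$(/sbin/route -n)" < /etc/blocked-ips.txt | sh
```

Because every entry is checked before it is turned into a command that runs as root, a malformed or hostile line in the blocklist file is skipped instead of being passed to the shell.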

How to block access to a server by IP address on Linux

4 thoughts on “How to block access to a server by IP address on Linux”

  • Where is the blocklist stored and/or how do I undo the blocking?

  • Never mind, I found out how.

    List blocked IPs:
    route -n

    Remove blocked IP:
    route del 192.168.0.123 reject

  • Problem found with this method is that the routes table gets rebuilt upon reboot. You must find some method to reload the IPs you wish to keep blocked. Better to change fail2ban to use the route table and block specific IPs or IP ranges with IPTables. From what I read you must also disable the (bastille) firewall in ISPConfig or it overwrites manual entries.
