Block an IP Address on a Linux Server
A large number of requests from one IP address can deplete the server of available resources. This article provides the commands to block an IP address on three common Linux® software firewalls.
Prerequisites
- Basic understanding of commands in a Linux operating system.
- Basic understanding of Secure Shell (SSH).
- Administrative access to your server by using the
sudo
command.
These steps are for servers that are not RackConnect® cloud servers. For RackConnect, make changes in the dedicated firewall.
Log on to the server by using SSH and then complete the steps in the following sections.
Firewalld tool
firewalld is available on the following Linux versions:
-
Red Hat® Enterprise Linux 7 and later.
-
CentOS® 7 and later.
-
Fedora® 18 and later.
-
To ensure that
firewalld
is running on your server, run the following command. Iffirewalld
is not running, go to theiptables
section.sudo systemctl status firewalld
-
Run the following command to block the IP address and to add the rule to the permanent set:
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"
-
Run the following command to reload the
firewalld
rules:sudo firewall-cmd --reload
-
Run the following command to list and verify the new rule:
sudo firewall-cmd --list-all
Uncomplicated Firewall (UFW)
The UFW tool is available on the Ubuntu® operating system 8.04 LTS and later.
-
To ensure that
UFW
is running on your server, run the following command. IfUFW
is not running, go to theiptables
section.sudo systemctl status ufw
-
Run the following command to block the IP address:
sudo ufw deny from xxx.xxx.xxx.xxx to any
-
Run the following command to list and verify the new rule:
sudo ufw status
iptables tool
iptables
is commonly pre-installed on all Linux operating systems.
-
Run the following command to block the IP address:
sudo iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP
-
Run the following command to save the settings. The settings persist after
the server reboots.sudo service iptables save
-
Run the following command to list and verify the new rule:
sudo iptables -L
Use the Feedback tab to make any comments or ask questions. You can also start a conversation with us.
Updated about 1 year ago