Blocking a user or IP from a server using iptables

This post describes how you can block a user from your webserver using iptables.

What blocking via iptables achieves

If a user is being destructive on your server, or you wish to ensure they cannot access it, you can block them using iptables. This lets you specify precisely what that IP address is allowed to reach.

In our case we are going to be using it to block all traffic from a specific IP address. This will ensure that the user is not able to connect to any port on the server. This includes visiting web pages hosted by that server.

However, since the block is by IP address, it will be ineffective if the user can obtain a different IP or connect from another location. For most attackers, though, if they cannot reach your server they will move on to another.

How to block an IP Address

To completely block an IP address you can use the following command:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

When running iptables you must be a user who is able to modify the iptables rules, normally root. It can also be run with sudo if the user you are running as has been granted that access.

This adds a new rule to the INPUT chain for the IP address (xxx.xxx.xxx.xxx) so that any packets received from that address are dropped. This effectively stops the user from interacting with the server in any way.
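As an added example (not the post's own code), the following POSIX shell script wraps the command above: it validates the address before handing it to iptables, uses iptables -C to skip the rule if it is already present, and inserts the rule at the head of the INPUT chain with -I INPUT 1 rather than appending it, so it is evaluated before any ACCEPT rule already in the chain. It assumes iptables is installed and that apply_block is run as root (or under sudo); 203.0.113.5 is a constructed sample address.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes iptables is installed
# and apply_block runs as root (or under sudo). 203.0.113.5 in the usage comment
# is a constructed sample address from the TEST-NET-3 documentation range.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# Validating first keeps typos and shell metacharacters out of the iptables call.
valid_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule used to block all inbound traffic from $1. It is inserted at
# position 1 of the INPUT chain so it is evaluated before any ACCEPT rule that
# is already there; appending with -A (as in the post) would place it last.
block_rule() {
    printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$1"
}

# Validate the address, skip if an equivalent rule already exists (-C), and
# otherwise apply the block.
apply_block() {
    if ! valid_ipv4 "$1"; then
        echo "apply_block: invalid IPv4 address: $1" >&2
        return 2
    fi
    if iptables -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
        return 0
    fi
    iptables -I INPUT 1 -s "$1" -j DROP && echo "blocked: $1"
}

# Usage: sudo sh block_ip.sh 203.0.113.5
if [ $# -gt 0 ]; then
    apply_block "$1"
fi
```

Rules added this way are lost on reboot unless you save them with your distribution's persistence mechanism (for example iptables-save), so check the chain with iptables -L INPUT -n after applying.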

Hopefully this will let you block any nuisance users from your servers. If you have any questions feel free to ask in the comments.
