![\"\"](\"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/blocking_with_iptables.jpg?resize=678%2C254\")
<\/p>\n<\/p>\n
This post describes how you can block a user from your webserver using iptables.<\/p>\n
<\/p>\n
If a user is being destructive on your server or you wish to ensure they are not able to access it you can block them using iptables. This allows you to specify precisely what the IP address can access.<\/p>\n
In our case we are going to be using it to block all traffic from a specific IP address. This will ensure that the user is not able to connect to any port on the server. This includes visiting web pages hosted by that server.<\/p>\n
However since we are blocking by IP address, if the user can obtain a different IP or access from another location this block will be ineffective. However for most attackers, if they cannot access your server they will move onto another.<\/p>\n
To completely block an IP address you can use the following command:<\/p>\n
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP<\/pre>\nWhen running iptables you must be using a user who is able to modify the iptables rules, normally root. This could also be run using
sudo<\/code> if the user you are running as has access to this.<\/p>\nThis sets up a new INPUT rule for the IP address (
xxx.xxx.xxx.xxx<\/code>) so that if any requests are received by that IP they are dropped. This effectively stops a user interacting with a server in any way.<\/p>\nHopefully this will let you block any nuisance users from your servers. If you have any questions feel free to ask in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"
This post describes how you can block a user from your webserver using iptables.<\/p>\n","protected":false},"author":1,"featured_media":1491,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Blocking a user or IP from a server using iptables","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5],"tags":[251,172,39],"class_list":["post-1481","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-informational","tag-firewall","tag-iptables","tag-linux"],"wppr_data":{"cwp_meta_box_check":"No"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/blocking_user_with_iptables.jpg?fit=800%2C800&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p2toWX-nT","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":651,"url":"https:\/\/chewett.co.uk\/blog\/651\/removing-ip-block-whm-cphulk\/","url_meta":{"origin":1481,"position":0},"title":"Removing IP Block from WHM cPHulk","author":"Chewett","date":"September 20, 2017","format":false,"excerpt":"If you are locked out of your website due to the cPHulk blocking your IP address there is an easy way to unblock yourself. This post describes how you can do this from your servers command line. Getting ready to reset the block This post uses a method to remove\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/09\/removing_ipblock_from_whm.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/09\/removing_ipblock_from_whm.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/09\/removing_ipblock_from_whm.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/09\/removing_ipblock_from_whm.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2426,"url":"https:\/\/chewett.co.uk\/blog\/2426\/unblocking-minecraft-server-port-25565-on-fedora\/","url_meta":{"origin":1481,"position":1},"title":"Unblocking Minecraft Server port 25565 on Fedora","author":"Chewett","date":"March 20, 2020","format":false,"excerpt":"This post describes how you can unblock port 25565 to allow Minecraft Server traffic through in the Fedora firewall. Unblocking port 25565 so traffic can get through to Minecraft Server By default Fedora has a firewall which blocks traffic reaching port 25565. This stops you from being able to access\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":831,"url":"https:\/\/chewett.co.uk\/blog\/831\/enabling-ssh-ubuntu-16-04\/","url_meta":{"origin":1481,"position":2},"title":"Enabling SSH on Ubuntu 16.04","author":"Chewett","date":"November 8, 2017","format":false,"excerpt":"By default you are not able to SSH into an Ubuntu 16.04\u00a0 machine and this blog post describes the steps needed to install SSH server. Installing OpenSSH Server To enable logging in from another computer via SSH you need to install a SSH\u00a0server. To do this you\u00a0can run the following\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/enable_ssh_on_ubuntu.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/enable_ssh_on_ubuntu.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/enable_ssh_on_ubuntu.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/enable_ssh_on_ubuntu.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2786,"url":"https:\/\/chewett.co.uk\/blog\/2786\/fixing-raspberry-pi-mysql-access-denied-for-user-root-with-non-root-user\/","url_meta":{"origin":1481,"position":3},"title":"Fixing Raspberry Pi MySQL Access Denied for user root with non root user","author":"Chewett","date":"February 6, 2021","format":false,"excerpt":"This blog post talks about how you can log in as root to your MySQL database with a non-root user on your Raspberry Pi. The \"Access denied for user 'root'@'localhost'\" error After setting up your database you might have changed the root password using mysql_secure_installation however it will still give\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2021\/01\/fixing_raspi_mysql_root_login_posticon_OUTPUT.png?fit=1200%2C628&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2021\/01\/fixing_raspi_mysql_root_login_posticon_OUTPUT.png?fit=1200%2C628&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2021\/01\/fixing_raspi_mysql_root_login_posticon_OUTPUT.png?fit=1200%2C628&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2021\/01\/fixing_raspi_mysql_root_login_posticon_OUTPUT.png?fit=1200%2C628&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2021\/01\/fixing_raspi_mysql_root_login_posticon_OUTPUT.png?fit=1200%2C628&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":297,"url":"https:\/\/chewett.co.uk\/blog\/297\/lets-encrypt-auto-ssl-web-host-manager-cpanel-server\/","url_meta":{"origin":1481,"position":4},"title":"Let’s Encrypt Auto SSL on Web Host Manager CPanel Server","author":"Chewett","date":"May 12, 2017","format":false,"excerpt":"This blog post describes how to set up free SSL certificates on a Web Host Manager CPanel server. This requires root access to the server, if you don't have access to this then you must ask your service provider to install it for you. What is Let's Encrypt? Let's Encrypt\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1321,"url":"https:\/\/chewett.co.uk\/blog\/1321\/how-to-install-the-official-mysql-community-server-on-fedora-28\/","url_meta":{"origin":1481,"position":5},"title":"How to Install the official MySQL community server on Fedora 28","author":"Chewett","date":"July 25, 2018","format":false,"excerpt":"Today I talk about how you can install the official\u00a0MySQL community server on Fedora 28. Why you cant just use DNF to install mysql-server In the last couple versions of Fedora the default MySQL\u00a0distribution was changed to mariadb. While this is, for the most part, a drop in replacement this\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/installing_offical_mysql.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/installing_offical_mysql.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/installing_offical_mysql.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/installing_offical_mysql.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=1481"}],"version-history":[{"count":2,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1481\/revisions"}],"predecessor-version":[{"id":1492,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/1481\/revisions\/1492"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media\/1491"}],"wp:attachment":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=1481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=1481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=1481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}