How to block an IP from accessing the whole server?

donnie

Hi Everybody,
I want to know how I can block a particular IP from accessing the server, or even make that particular IP unable to access any site on the server.

Thanks

Donnie


Website Rob

Use iptables

/sbin/iptables -I INPUT -s xx.xx.xx.xx -j DROP

Copy & paste to use when in 'root' shell -- where xx.xx.xx.xx is the actual IP address to drop. They won't be able to access anything on your Server.


Doctor

If you restart the server, the IPTABLES get reset and all the IPs entered for blocking will be gone.

Is there a permanent solution for blocking IPs for the entire server?


tAzMaNiAc

Originally posted by Doctor
If you restart the server, the IPTABLES get reset and all the IPs entered for blocking will be gone.

Is there a permanent solution for blocking IPs for the entire server?

cPanel.net Support Ticket Number:
Put that drop line into /etc/rc.d/rc.local

(at the end)

that way when you reboot, it'll reload it again..

Brenden


Doctor

Everyone... is this a better drop line than the one provided by Website Rob?

iptables -A INPUT -m tcp -p tcp --dport 80 -s IP -j DROP

where IP is replaced by the IP address (of course!)..hehe..

Just need to know the difference between the two.
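
Added illustration, not part of the original thread: a simplified first-match model of the INPUT chain that shows how the two rule forms quoted above differ in position (-I versus -A) and in scope (all traffic versus TCP port 80). The pre-existing ACCEPT rules, the addresses and all names are constructed assumptions, and only source, protocol and destination port are modelled.

```python
# Simplified model of iptables first-match evaluation (added example).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    target: str                      # "ACCEPT" or "DROP"  (-j)
    source: str = "0.0.0.0/0"        # -s
    proto: Optional[str] = None      # -p
    dport: Optional[int] = None      # --dport

    def matches(self, src: str, proto: str, dport: int) -> bool:
        return (ip_address(src) in ip_network(self.source)
                and self.proto in (None, proto)
                and self.dport in (None, dport))


def verdict(chain, src, proto, dport, policy="ACCEPT"):
    """Target of the first matching rule, otherwise the chain policy."""
    for rule in chain:
        if rule.matches(src, proto, dport):
            return rule.target
    return policy


BAD = "203.0.113.7"                  # constructed address (TEST-NET-3)
# Constructed existing ruleset: web and SSH are already accepted.
existing = [Rule("ACCEPT", proto="tcp", dport=80),
            Rule("ACCEPT", proto="tcp", dport=22)]

# -I INPUT -s BAD -j DROP: inserted at the head, evaluated first.
inserted = [Rule("DROP", source=BAD)] + existing
# -A INPUT -m tcp -p tcp --dport 80 -s BAD -j DROP: appended after the ACCEPTs.
appended = existing + [Rule("DROP", source=BAD, proto="tcp", dport=80)]
# The same port-80 rule on an otherwise empty chain.
port80_only = [Rule("DROP", source=BAD, proto="tcp", dport=80)]


def compare():
    """Verdicts for the blocked address under each variant."""
    return {
        "inserted, tcp/80": verdict(inserted, BAD, "tcp", 80),
        "inserted, tcp/22": verdict(inserted, BAD, "tcp", 22),
        "appended, tcp/80": verdict(appended, BAD, "tcp", 80),
        "port80_only, tcp/80": verdict(port80_only, BAD, "tcp", 80),
        "port80_only, tcp/25": verdict(port80_only, BAD, "tcp", 25),
    }


if __name__ == "__main__":
    for case, result in compare().items():
        print(f"{case}: {result}")
```

On a live server, `iptables -L INPUT -n --line-numbers` shows where a rule actually sits in the chain.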


pingo

SSH and write:
/sbin/route add -host < offending IP-no here > reject

Will kill incoming and outgoing connections from that IP but only until you reboot your server.

If you would like it to be nullrouted permanently do as already suggested:

pico /etc/rc.d/rc.local - add the above line, and it will be re-executed each time the server is rebooted.

John


Doctor

By the way guys, how does one block an entire range of IP using IPTABLES?


oderland

/etc/hosts.deny

Hi

The simplest thing is to drop this line into your
/etc/hosts.deny file:

All: ip no


silvernetuk

Re: /etc/hosts.deny

Originally posted by oderland
Hi

The simplest thing is to drop this line into your
/etc/hosts.deny file:

All: ip no

cPanel.net Support Ticket Number:
So it would be

All: 123.123.123.123

Is that right or have I got it wrong ?

Regards,
Garry


ivaserver

So it would be

All: 123.123.123.123


What about an IP range or multiple IP addresses?

Regards
Ivaserver


Jemshi

Originally posted by Doctor
By the way guys, how does one block an entire range of IP using IPTABLES?

cPanel.net Support Ticket Number:
use iptables like this.

iptables -A INPUT -s xxx.xxx.xxx.0/24 -j DROP

this will block all IPs in the range

xxx.xxx.xxx.0 - xxx.xxx.xxx.255
/16 means the last two sections.
/0 is full :)

remember to save using iptables-save or

/etc/rc.d/init.d/iptables save.


internetfab

All: 123.123.123.123 , xxx.xxx.xxx.xxx

do not remember how to do it for ip range

We use to put in the /etc/hosts.allow hosts names from which users are allowed to login thru ssh

ssh: ip, ip ,ip


cxteam

It would be better for you to install APF Firewall.


ivaserver

Originally posted by Jemshi
use iptables like this.

iptables -A INPUT -s xxx.xxx.xxx.0/24 -j DROP

this will block all IPs in the range

xxx.xxx.xxx.0 - xxx.xxx.xxx.255
/16 means the last two sections.
/0 is full :)

remember to save using iptables-save or

/etc/rc.d/init.d/iptables save.

cPanel.net Support Ticket Number:
Thanks

Can I go through what I think I should do to block IP addresses from spammers: mail.outstandingvalues.com and mail.meta-deals.com


is this correct

log in as root

type in, iptables -A INPUT -s 63.212.169.0/24 -j DROP

return


then type in, 63.212.169.0 - 63.212.169.255

return

then type in, /etc/rc.d/init.d/iptables save.

return


Is this correct?

Thanks
Ivaserver
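
Added example, not part of any post in the thread: how the prefix lengths discussed above (/24, /16, /0) translate into address ranges, and how a list of observed addresses collapses into the narrowest blocks that cover it, so the cost of a blanket /24 rule is visible before it is applied. All addresses are constructed documentation ranges and the function names are illustrative.

```python
# CIDR coverage helper for building source-based DROP rules (added example).
from ipaddress import ip_address, ip_network, collapse_addresses


def cidr_range(cidr):
    """First address, last address and size of what '-s <cidr>' matches."""
    net = ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def minimal_blocks(addresses):
    """Smallest set of CIDR blocks covering exactly the given addresses."""
    hosts = {ip_network(a) for a in addresses}
    return [str(n) for n in collapse_addresses(hosts)]


def overblocked(cidr, addresses):
    """Addresses inside cidr that were never observed (collateral of a wide rule)."""
    net = ip_network(cidr, strict=False)
    seen = {ip_address(a) for a in addresses if ip_address(a) in net}
    return net.num_addresses - len(seen)


def drop_commands(blocks):
    """One iptables command per block, in the form used in the thread."""
    return [f"iptables -A INPUT -s {b} -j DROP" for b in blocks]


# Constructed sample: offenders at .64-.127 plus one stray host.
observed = [f"198.51.100.{i}" for i in range(64, 128)] + ["198.51.100.200"]

if __name__ == "__main__":
    for prefix in ("198.51.100.0/24", "198.51.0.0/16", "0.0.0.0/0"):
        first, last, count = cidr_range(prefix)
        print(f"{prefix}: {first} - {last} ({count} addresses)")
    blocks = minimal_blocks(observed)
    print("unobserved addresses a /24 would also block:",
          overblocked("198.51.100.0/24", observed))
    print("\n".join(drop_commands(blocks)))
```

The printed range is only a description of what the CIDR rule already matches; the command itself is the single `iptables` line per block.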
