How to block an IP to access the whole Server ?

[donnie]

Hi Everybody,
I want to know that how can I block a particular IP to access the server or even that particular IP is not able to access any site on the server.

Thanks

Donnie

cPanel.net Support Ticket Number:

 

[Website Rob]

Use iptables

/sbin/iptables -I INPUT -s xx.xx.xx.xx -j DROP

Copy & paste to use when in 'root' shell -- where xx.xx.xx.xx is the actual IP address to drop. They won't be able to access anything on your Server.

cPanel.net Support Ticket Number:

 

[Doctor]

If you restart the server, the IPTABLES get reset and all the IPs entered for blocking will be gone.

Is there a permanent solution for blocking IPs for the entire server?

cPanel.net Support Ticket Number:

 

[tAzMaNiAc]

Originally posted by Doctor
If you restart the server, the IPTABLES get reset and all the IPs entered for blocking will be gone.

Is there a permanent solution for blocking IPs for the entire server?

cPanel.net Support Ticket Number:

Put that drop line into /etc/rc.d/rc.local

(at the end)

that way when you reboot, it'll reload it again..

Brenden

cPanel.net Support Ticket Number:

 

[Doctor]

Everyone... is this a better drop line than the one provided by Website Rob?

iptables -A INPUT -m tcp -p tcp --dport 80 -s IP -j DROP

where IP is replaced by the IP address (of course!)..hehe..

Just need to know the difference between the two.

cPanel.net Support Ticket Number:

 

[WebHostPro]

What's wrong with the .hostdeny file used by port sentry?

cPanel.net Support Ticket Number:

 

[pingo]

SSH and write:
/sbin/route add -host < offending IP-no here > reject

Will kill incoming and outgoing connections from that IP but only until you reboot your server.

If you would like it to be nullrouted permanently do as already suggested:

pico /etc/rc.d/rc.local - add above line, and it will be re-execute each time the server is rebooted.

John

cPanel.net Support Ticket Number:

 

[Doctor]

By the way guys, how does one block an entire range of IP using IPTABLES?

cPanel.net Support Ticket Number:

 

[oderland]

/etc/hosts.deny

Hi

The simplest thing is to drop this line into your
/etc/hosts.deny file:

All: ip no

cPanel.net Support Ticket Number:

 

[silvernetuk]

Re: /etc/hosts.deny

Originally posted by oderland
Hi

The simplest thing is to drop this line into your
/etc/hosts.deny file:

All: ip no

cPanel.net Support Ticket Number:

So it would be

All: 123.123.123.123

Is that right or have I got it wrong ?

Regards,
Garry

cPanel.net Support Ticket Number:

 

[internetfab]

jepp

yes. That should do it.

Cheers JackOderland

cPanel.net Support Ticket Number:

 

[ivaserver]

So it would be

All: 123.123.123.123


what about an ip range or miltiple ip addresses?

Regards
Ivaserver

cPanel.net Support Ticket Number:

 

[Jemshi]

Originally posted by Doctor
By the way guys, how does one block an entire range of IP using IPTABLES?

cPanel.net Support Ticket Number:

use iptables like this.

iptables -A INPUT -s xxx.xxx.xxx.0/24 -j DROP

this will block all IPs in the range

xxx.xxx.xxx.0 - xxx.xxx.xxx.255
/16 means the last two sections.
/0 is full

remember to save using iptables-save or

/etc/rc.d/init.d/iptables save.

cPanel.net Support Ticket Number:

 

[internetfab]

All: 123.123.123.123 , xxx.xxx.xxx.xxx

do not remember how to do it for ip range

We use to put in the /etc/hosts.allow hosts names from which users are allowed to login thru ssh

ssh: ip, ip ,ip

cPanel.net Support Ticket Number:

 

[cxteam]

It would be better for you to install APF Firewall.

cPanel.net Support Ticket Number:

 

[oderland]

jepp, we use that to. but you can never be sure

cPanel.net Support Ticket Number:

 

[ivaserver]

Originally posted by Jemshi
use iptables like this.

iptables -A INPUT -s xxx.xxx.xxx.0/24 -j DROP

this will block all IPs in the range

xxx.xxx.xxx.0 - xxx.xxx.xxx.255
/16 means the last two sections.
/0 is full

remember to save using iptables-save or

/etc/rc.d/init.d/iptables save.

cPanel.net Support Ticket Number:

Thanks

can i go through what i think i should do to block ip addresses from spammers: mail.outstandingvalues.com and mail.meta-deals.com


63.212.169.92

63.212.169.94

63.212.169.90

63.212.169.91

63.212.169.93

63.212.169.85

63.212.169.86

63.212.169.89

63.212.169.88

63.212.169.87

63.212.169.82

63.212.169.81

63.212.169.84

63.212.169.80

63.212.169.83

63.212.169.68

63.212.169.72

63.212.169.73

63.212.169.70

63.212.169.71

63.212.169.69

63.212.169.75

63.212.169.78

63.212.169.79

63.212.169.77

63.212.169.74

63.212.169.76

63.212.169.110

63.212.169.107

63.212.169.108

63.212.169.109

63.212.169.106

63.212.169.112

63.212.169.111

63.212.169.114

63.212.169.115

63.212.169.113

63.212.169.117

63.212.169.119

63.212.169.120

63.212.169.118

63.212.169.116

63.212.169.121

63.212.169.122

63.212.169.123

63.212.169.125

63.212.169.126

63.212.169.124

63.212.169.103

63.212.169.100

63.212.169.102

63.212.169.105

63.212.169.101

63.212.169.104






is this correct

log in as root

type in, iptables -A INPUT -s 63.212.169.0/24 -j DROP

return


then type in, 63.212.169.0 - 63.212.169.255

return

then type in, /etc/rc.d/init.d/iptables save.

return


Is this correct?

Thanks
Ivaserver

cPanel.net Support Ticket Number: