Iptables cheat sheet

From MyLabWiki
Revision as of 12:23, 28 June 2015 by Alex (Talk | contribs)

Jump to: navigation, search

Applicable to Debian 8.

Blocking IP addresses

Permanently block an IP address[1]:

 iptables -A INPUT -s a.b.c.d -j DROP

Unblock IP address[1]:

 iptables -D INPUT -s a.b.c.d -j DROP

Block and IP address after 3 failed SSH login attempts made within 60 seconds[2]:

 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

The reference[2] also gives info about how to set up logging.



References

  1. 1.0 1.1 nixCraft, How Do I Block an IP Address on My Linux server?
  2. 2.0 2.1 rackaid, Block SSH Brute Force Attacks with IPTables