Drop IP traffic using iptables in Ubuntu

Once in a while my server was getting a lot of traffic. As I discovered that was unwanted traffic, different IP’s were doing POST calls to my WordPress login. Not only I didn’t feel secure (I was being attacked) but they put my CPU at I had the CPU at 80% all the time.

iptables to the rescue

I already had a bunch of iptables rules set on my Ubuntu. Thing was, I didn’t know how to block a specific IP.

Some people, including myself, have a set of firewall rules in a separate file so every time Ubuntu restarts uses that set of rules.

On that file I was supposed to add the blocking (DROP) IP rules. They look like this:

Use the iptables Ban Generator

It’s critical to put the DROP rules at the beggining, otherwise it doesn’t work. It looks like if a packet meets a rule, none of the following rules will apply. Meaning, if you put the DROP rules at the end, the packets will probably have met a previous ACCEPT rule.

Range Ban

To block 116.10.191.* addresses:

To block 116.10.. addresses:

To block 116…* addresses:

Tips

Restore the iptables based on the firewall rules file:

Print the iptables with the IPs:

Starter file with some firewall rules:

Further information in Linode’s Documentation.

Tags:

One Response to “Drop IP traffic using iptables in Ubuntu”

  1. Marcian February 25, 2017 at 2:17 am #

    Thanks. There’s an army of bots POSTing to wp-login endpoints. Sometimes our app would get hit dozens of times per second.

Leave a Reply

Add <code> Some Code </code> by using this tags.