Drop IP traffic using iptables in Ubuntu

Once in a while my server was getting a lot of traffic. As I discovered that was unwanted traffic, different IP’s were doing POST calls to my WordPress login. Not only I didn’t feel secure (I was being attacked) but they put my CPU at I had the CPU at 80% all the time.

iptables to the rescue

I already had a bunch of iptables rules set on my Ubuntu. Thing was, I didn’t know how to block a specific IP.

Some people, including myself, have a set of firewall rules in a separate file so every time Ubuntu restarts uses that set of rules.

On that file I was supposed to add the blocking (DROP) IP rules. They look like this:

Use the iptables Ban Generator

It’s critical to put the DROP rules at the beggining, otherwise it doesn’t work. It looks like if a packet meets a rule, none of the following rules will apply. Meaning, if you put the DROP rules at the end, the packets will probably have met a previous ACCEPT rule.

Range Ban

To block 116.10.191.* addresses:

To block 116.10.. addresses:

To block 116…* addresses:

Tips

Restore the iptables based on the firewall rules file:

Print the iptables with the IPs:

Starter file with some firewall rules:

Further information in Linode’s Documentation.

One comment

Leave a Reply

Add <code> Some Code </code> by using this tags.

*
*