Recipe 2.7 Blocking Access from a Remote Host

2.7.1 Problem

You want to block incoming traffic from a particular host.

2.7.2 Solution

To block all access by that host:

For iptables:

# iptables -A INPUT -s remote_IP_address -j REJECT

For ipchains:

# ipchains -A input -s remote_IP_address -j REJECT

To block requests for one particular service, say, the SMTP mail service:

For iptables:

# iptables -A INPUT -p tcp -s remote_IP_address --dport smtp -j REJECT

For ipchains:

# ipchains -A input -p tcp -s remote_IP_address --dport smtp -j REJECT

To admit some hosts but block all others:

For iptables:

# iptables -A INPUT -s IP_address_1 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT -s IP_address_2 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT -s IP_address_3 [-p protocol --dport service] -j ACCEPT
# iptables -A INPUT [-p protocol --dport service] -j REJECT

For ipchains:

# ipchains -A input -s IP_address_1 [-p protocol --dport service] -j ACCEPT
# ipchains -A input -s IP_address_2 [-p protocol --dport service] -j ACCEPT
# ipchains -A input -s IP_address_3 [-p protocol --dport service] -j ACCEPT
# ipchains -A input [-p protocol --dport service] -j REJECT
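The admit-some, block-the-rest rule set only works if every ACCEPT rule is appended before the final REJECT. The helper below is an added example, not code from the book: it prints the iptables commands in that order and refuses to print anything if an address is malformed. The function names valid_ipv4 and allowlist_rules are hypothetical, and the 192.0.2.x addresses are constructed samples.

```sh
#!/bin/sh
# Added example: print the allowlist rule set in the order the recipe needs.
# It only prints commands; review the output, then run it as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# allowlist_rules PROTO SERVICE HOST...: one iptables command per line.
# Pass "" "" as PROTO and SERVICE to cover all traffic from the hosts.
allowlist_rules() {
    proto=$1; service=$2; shift 2
    match=""
    if [ -n "$proto" ]; then
        case "$proto:$service" in
            *:|*[!a-z0-9:-]*) echo "bad protocol or service" >&2; return 1 ;;
        esac
        match=" -p $proto --dport $service"
    fi
    # An empty allowlist would leave only the REJECT rule: refuse it.
    [ "$#" -ge 1 ] || { echo "no hosts given" >&2; return 1; }
    # Validate every address first so a typo never yields a partial rule set.
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    for host in "$@"; do
        echo "iptables -A INPUT -s $host$match -j ACCEPT"
    done
    # Catch-all last: rules are checked in order and the first match wins.
    echo "iptables -A INPUT$match -j REJECT"
}

# Constructed sample: two documentation-range hosts allowed to reach SMTP.
allowlist_rules tcp smtp 192.0.2.10 192.0.2.11
```

Because -A appends, rules already present in the INPUT chain are still evaluated before these; list the chain first if it is not empty.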

2.7.3 Discussion

You can also block access at other levels, such as TCP-wrappers. [Recipe 3.9] [Recipe 3.11]

2.7.4 See Also

iptables(8), ipchains(8).



Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247