Block IP Address

TL;DR

This guide shows you how to block all incoming requests from a specific IP address using common firewall tools like iptables (Linux) and Windows Firewall. This is useful for stopping malicious traffic or unwanted access.

Blocking an IP Address on Linux with iptables

1. Check if the IP address is already blocked: First, list your current rules to avoid duplicates.

   sudo iptables -L

2. Block incoming traffic: This command blocks all new connections from the specified IP address. Replace 192.168.1.100 with the actual IP you want to block.

   sudo iptables -A INPUT -s 192.168.1.100 -j DROP

3. Block outgoing traffic (optional): If you also want to prevent the IP address from connecting *to* your server, use this command.

   sudo iptables -A OUTPUT -d 192.168.1.100 -j DROP

4. Save the rules: The above commands are temporary and will be lost on reboot. Save them permanently using one of these methods (depending on your distribution):
   • Debian/Ubuntu:

     sudo apt-get install iptables-persistent

     then answer ‘yes’ when prompted to save current rules.

   • CentOS/RHEL:

     sudo service iptables save

     or

     sudo /sbin/iptables-save > /etc/sysconfig/iptables

5. Verify the block: Check your rules again to confirm the IP address is now blocked.

   sudo iptables -L

Blocking an IP Address on Windows Firewall

1. Open Windows Firewall with Advanced Security: Search for “Windows Firewall” in the Start menu and select “Windows Firewall with Advanced Security”.
2. Create a new Inbound Rule: In the left pane, click “Inbound Rules”, then click “New Rule…” in the right pane.
3. Rule Type: Select “Custom” and click “Next”.
4. Program: Select “All programs” and click “Next”.
5. Scope: Under “Which remote IP addresses does this rule apply to?”, select “These IP addresses:”. Click “Add…” and enter the IP address you want to block (e.g., 192.168.1.100). Click “OK” twice, then click “Next”.
6. Action: Select “Block the connection” and click “Next”.
7. Profile: Choose which network profiles this rule should apply to (Domain, Private, Public) – usually all three. Click “Next”.
8. Name: Give the rule a descriptive name (e.g., “Block Bad IP”) and click “Finish”.
9. Create an Outbound Rule (optional): Repeat steps 2-7 to create an outbound rule if you want to block connections *from* your server to that IP address.

Important Considerations

• Dynamic IPs: If the IP address is dynamic (changes frequently), blocking it will only be effective until the IP changes.
• False Positives: Be careful when blocking IPs, as you might accidentally block legitimate traffic.
• cyber security Best Practice: Blocking an IP is a reactive measure. Consider investigating *why* you need to block an IP and address the underlying issue (e.g., vulnerability in your application).