Internet Marketing Forum

For Webmasters and Entrepreneurs

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 17, 2012, 12:58:58 PM

For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.

- Sun Tzu

Home

Privacy

Internet Marketing Forum > Online Business Discussions > Website Design and Maintenance > Administration

Blocking an IP range using iptables

0 Members and 4 Guests are viewing this topic.

Pages: [1]

Author

Topic: Blocking an IP range using iptables (Read 11804 times)

Emil-Otang

Beginner

Joined: Sep 2008
Posts: 44

$View Emil-Otang\s Profile$
Emil-Otang is from United States

United States

Sep 21, 2008, 05:13:20 PM

I'm posting this here to help any of you out who need to use iptables firewall to block offensive IP ranges...

If you wanted to block the entire 221.0.0.0-221.255.255.255 range, then use either:

iptables -I INPUT -s 221.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 221.0.0.0/8 -j DROP

They do the same thing, you're just using CIDR notation instead of netmasks...

Note that using /24 will just block 221.0.0.0-221.0.0.255 as in the command below

iptables -A INPUT -s 192.168.100.0/24 -j DROP

To block a single IP, just do the following

iptables -I INPUT -s 83.69.224.164 -j DROP

You can work online as a Social Media User or a Freelance Provider Globally
Learn SEO and earn money online

Galaxian

Senior Member

Joined: Oct 2007
Posts: 286

The internet is my playground.

$View Galaxian\s Profile$
Gender: Male

United States

Oct 04, 2008, 04:15:25 PM

how can I do the same thing but using my .htaccess file ?

Code4Gold

Administrator

Joined: Jan 2006
Posts: 6215

Administrator

$View Code4Gold\s Profile$

United States

Oct 04, 2008, 06:40:30 PM

Here's a good article on doing it with your .htaccess file

http://www.kirupa.com/web/htaccess.htm

basicly...

Quote

* IP Blocking
If you would like to prevent an individual or a group of individuals on a certain IP range from accessing your site, you can selectively deny access to them.

You would use the following command format:

<Limit GET HEAD POST>
order allow,deny
deny from 18.52.3.5
deny from 18.132.152
deny from 24.2
allow from all
</LIMIT>

Of course, you would probably not be interested in blocking the fictitious IPs I mentioned above. You should change those to something more relevant. If you are really not well liked, you can add as many deny from lines of code as you want.

If somebody from an entire IP range is bugging, you can block all IPs within that range by only entering a smaller portion of their IP such as 24.2. All IPs that being with 24.2 such as 24.2.35.3 and 24.2.142.122 will also be blocked automatically. You may want to be careful for you may not want to block access to visitors that you still want accessing site.

While it's not as effective as using your firewall, if you don't have administrator priveleges on your server, the .htaccess file is a quick and dirty way to block offending IPs.

Also, see the following thread for generating IP blocks to block IP's by country...

http://www.code4gold.com/forums/index.php?topic=15691.0

Latest Blog Post : 8 Tips for Creating a Marketing Buzz

Best Affiliate Programs Ξ SocialNews Ξ Blogger Forum Ξ Wealth Watching

S-GBR

Beginner

Joined: Jan 2009
Posts: 11

$View S-GBR\s Profile$
S-GBR is from United States

United States

Jan 22, 2009, 10:58:11 PM

Interesting. but how do you know what IP's to block?

beck86

New Member

Joined: Mar 2009
Posts: 9

$View beck86\s Profile$
beck86 is from United States

United States

Mar 30, 2009, 12:17:27 AM

You would block any IP's you're having trouble with.

bleuken

Beginner

Joined: Apr 2009
Posts: 16

$View bleuken\s Profile$

Apr 07, 2009, 04:49:05 PM

Quote from: S-GBR on Jan 22, 2009, 10:58:11 PM

Interesting. but how do you know what IP's to block?

Well its up to you. If you find the IP is very offensive and make something nasty for your site, of course you want to block it. Usually it can be found on your log file.

Tech Manager

New Member

Joined: Jul 2009
Posts: 2

$View Tech Manager\s Profile$
Tech Manager is from United States

United States

Jul 13, 2009, 01:14:42 PM

If you are interested in blocking specific countries or ranges within specific countries you can utilize the data at Country IP Blocks (A site and database I designed). The site allows you to select a country or group of countries and then it will create access control lists in seven different formats.

You can insert the data into iptables or choose a simple solution such as having the website create the .htaccess file for you. As an example if you wanted to use an .htaccess file to block Afghanistan and Aruba, you would select the two countries, choose the data format (.htaccess deny) and submit the form. The blocks will instantly be created for you and look like this:

<Limit GET HEAD POST>
order allow,deny
# Country: AFGHANISTAN
# ISO Code: AF
# Total Networks: 14
# Total Subnets: 65,792
deny from 58.147.128.0/19
deny from 110.34.40.0/21
deny from 117.55.192.0/20
deny from 117.104.224.0/21
deny from 119.59.80.0/21
deny from 121.100.48.0/21
deny from 121.127.32.0/19
deny from 125.213.192.0/19
deny from 202.56.176.0/20
deny from 202.86.16.0/20
deny from 203.174.27.0/24
deny from 203.215.32.0/20
deny from 210.80.0.0/19
deny from 210.80.32.0/19
## Country: ARUBA
# ISO Code: AW
# Total Networks: 2
# Total Subnets: 18,432
deny from 200.12.248.0/21
deny from 201.229.0.0/18
#
allow from all
</Limit>

Summer Savings! $7.49 .com domains at GoDaddy.com!

Pages: [1]