How to block a suspicious IP address?
NOTE: The steps below should be performed on all instances that receive inbound Internet traffic.
If you have detected an IP address that is overloading your server or just making suspicious requests, block it using iptables. To do this, run the following commands:
$ sudo su
$ iptables -A INPUT -s 1.2.3.4 -j DROP
Remember to replace 1.2.3.4 with the IP address you want to block.
IMPORTANT: Use with caution. If you don't specify an IP address, you will block yourself.
This will block all requests from that IP address. To have your iptables rules active even after rebooting the server, follow these steps:
- Execute these commands:
  $ sudo su
  $ iptables-save > /opt/bitnami/iptables-rules
  $ crontab -e
- Edit the crontab file opened by the last command with your favourite editor and include this line at the end of the file:
  @reboot /sbin/iptables-restore < /opt/bitnami/iptables-rules
- Save the file and exit.
Now, on every boot, the system will load and apply the iptables rules.
To delete a rule, run the following command:
$ sudo su
$ iptables -D INPUT -s 1.2.3.4 -j DROP
This will delete the rule. Remember to replace 1.2.3.4 with a valid IP address.
Rerun the iptables-save command shown previously to make the new rules active even after rebooting the server.
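The caution above about omitting the IP address can be enforced in a small wrapper. This is an added example, not Bitnami's own code: the function names (is_ipv4, safe_to_block, block_ip) are hypothetical, and taking your own address from SSH_CLIENT is an assumption that only holds when that variable survives the switch to root.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Bitnami tooling.
IPTABLES=${IPTABLES:-iptables}   # needs root, as in the steps above

# Succeed only for one dotted-quad IPv4 address (no CIDR suffix, no blanks).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                    # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero or too long
        [ "$octet" -le 255 ] || return 1
    done
}

# $1 = address to block, $2 = your own address. Assumption: when $2 is omitted
# it is taken from SSH_CLIENT, which may be unset after "sudo su".
safe_to_block() {
    ssh_client=${SSH_CLIENT:-}
    own_ip=${2:-${ssh_client%% *}}
    is_ipv4 "$1" || { echo "refusing: '$1' is not a single IPv4 address" >&2; return 1; }
    [ "$1" != "0.0.0.0" ] || { echo "refusing: 0.0.0.0 is not a remote host" >&2; return 1; }
    [ "$1" != "$own_ip" ] || { echo "refusing: $1 is your own session" >&2; return 1; }
}

block_ip() {
    safe_to_block "$1" "${2:-}" || return 1
    # -C checks for an identical rule, so repeated runs do not stack duplicates.
    if "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
    else
        "$IPTABLES" -A INPUT -s "$1" -j DROP && echo "blocked: $1"
    fi
}

# Usage (as root): block_ip 1.2.3.4 <your-own-ip>
```

After a successful block_ip call, rerun iptables-save as described above so the rule survives a reboot.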