How to block a suspicious IP address?
NOTE: The steps below should be performed on all instances that receive inbound Internet traffic.
If you have detected an IP address that is overloading your server or just making suspicious requests, block it using iptables. To do this, run the following commands:
$ sudo su
$ iptables -A INPUT -s 188.8.131.52 -j DROP
Remember to replace 188.8.131.52 with the IP address you want to block.
IMPORTANT: Use with caution. If you don't specify an IP address, the rule matches all inbound traffic and you will block yourself.
This will block all requests from that IP address. To have your iptables rules active even after rebooting the server, follow these steps:
Execute these commands:
$ sudo su
$ iptables-save > /opt/bitnami/iptables-rules
$ crontab -e
The crontab -e command opens the crontab file in your editor. Include this line at the end of that file:
@reboot /sbin/iptables-restore < /opt/bitnami/iptables-rules
Save the file and exit.
Now, on every boot, the system will load and apply the iptables rules.
To delete a rule, run the following command:
$ sudo su
$ iptables -D INPUT -s 220.127.116.11 -j DROP
This will delete the rule. Remember to replace 220.127.116.11 with the IP address used in the rule you want to delete.
Rerun the iptables-save command shown previously to make the new rules active even after rebooting the server.
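
The caution about blocking yourself matters most when the block command is run from a script. The wrapper below is an added example, not part of the original page: it accepts only a single IPv4 address, refuses to block the address you administer from, and uses iptables -C to skip a rule that already exists before running the same -A INPUT -s <ip> -j DROP command. The function names, the IPTABLES override and the sample addresses (documentation ranges) are assumptions of this example.

```sh
#!/bin/sh
# Added example: guard rails around "iptables -A INPUT -s <ip> -j DROP".
# Function names and the IPTABLES override are assumptions of this example.
IPTABLES="${IPTABLES:-iptables}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_ip <ip> [protected_ip]
# protected_ip is the address you administer from. It defaults to the client
# field of SSH_CONNECTION, which sudo may strip, so pass it explicitly as root.
block_ip() {
    ip=${1:-}
    protected=${2:-}
    [ -n "$protected" ] || protected=${SSH_CONNECTION%% *}
    if ! is_valid_ipv4 "$ip"; then
        echo "refusing: '$ip' is not a single IPv4 address" >&2
        return 2
    fi
    if [ "$ip" = "$protected" ]; then
        echo "refusing: $ip is your own address" >&2
        return 3
    fi
    # -C checks for an identical rule, so repeated runs do not stack duplicates.
    if $IPTABLES -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        echo "already blocked: $ip"
        return 0
    fi
    $IPTABLES -A INPUT -s "$ip" -j DROP
}

# Usage (as root; sample addresses are from the documentation ranges):
#   block_ip 192.0.2.10 198.51.100.7
```

Rerun iptables-save after a successful block_ip call so the new rule is included in /opt/bitnami/iptables-rules.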