Managing the flow of network traffic in and out of a Linux system is vital for maintaining system security. This can be achieved through various tools that are bundled within most Linux distributions, including iptables, UFW (Uncomplicated Firewall), and firewalld. In this article, we’ll explore how to block a specific IP address using each of these tools.
Blocking IP Address with Iptables
iptables is a traditional and widely-used tool for controlling network traffic on Linux. Here’s how you can block a specific IP address using iptables:
- Open your terminal.
- Run the following command to block an IP address. Replace X.X.X.X with the IPv4 address you want to block (for an IPv6 address, use ip6tables with the same arguments):
sudo iptables -A INPUT -s X.X.X.X -j DROP
In this command:
- -A INPUT means append (-A) the rule to the end of the INPUT chain, which handles packets addressed to this host.
- -s X.X.X.X specifies the source address to block; a CIDR range such as X.X.X.0/24 works in the same position.
- -j DROP instructs the kernel to discard packets from that source silently, without any reply (REJECT would answer the sender with an ICMP error instead).
Because -A appends, the new rule is evaluated after every rule already in the chain. If an earlier rule accepts established connections, a session the blocked host already has open keeps working; inserting the rule at the top of the chain (-I INPUT 1 in place of -A INPUT) avoids that. Either way, list the INPUT chain afterwards to confirm where the rule landed.
- iptables rules live only in kernel memory and are lost at reboot. On Debian and Ubuntu, install iptables-persistent to save and restore them (other distributions ship their own equivalent):
sudo apt-get install iptables-persistent
- Save your current iptables rules:
sudo netfilter-persistent save
This writes the current IPv4 and IPv6 rule sets to /etc/iptables/rules.v4 and /etc/iptables/rules.v6, which the netfilter-persistent service loads at boot, so the rule stays in effect after a reboot. Run it again whenever you change the rules.
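As an added example (not part of the original article), here is a small POSIX shell script that wraps the iptables steps above: it validates the address, picks iptables or ip6tables by address family, inserts the DROP rule at the top of INPUT rather than appending it, skips the insert when an identical rule is already present, and saves the rule set if iptables-persistent is installed. The function names are this example's own, and the addresses in its comments come from the documentation ranges 203.0.113.0/24 and 2001:db8::/32.

```shell
#!/bin/sh
# Added example (not from the original article): block an address with
# iptables/ip6tables at the TOP of INPUT, idempotently, then persist it.
# Addresses in the comments (203.0.113.x, 2001:db8::x) are documentation
# ranges used for illustration.
set -eu

# Accept a dotted-quad IPv4 address with an optional /prefix, rejecting
# octets above 255 (a bare regex would pass 256.1.1.1 through to iptables).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept an IPv6 literal (hex groups and colons, optional /prefix).
is_ipv6() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F:]+(/[0-9]{1,3})?$'
}

# Print the command that blocks ADDR. -I INPUT 1 (insert first) rather than
# -A (append last) matters: an appended DROP sits behind any earlier ACCEPT,
# such as the usual "--ctstate ESTABLISHED,RELATED -j ACCEPT", so connections
# the blocked host already holds open would keep working.
block_cmd() {
    if is_ipv4 "$1"; then
        printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$1"
    elif is_ipv6 "$1"; then
        printf 'ip6tables -I INPUT 1 -s %s -j DROP\n' "$1"
    else
        printf 'block_cmd: not an IP address: %s\n' "$1" >&2
        return 1
    fi
}

# Apply the rule (root required). -C tests for an identical rule first, so
# re-running does not stack duplicates; then show the chain and persist.
block_ip() {
    cmd=$(block_cmd "$1") || return 1
    tool=${cmd%% *}
    if "$tool" -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
    else
        $cmd
    fi
    "$tool" -L INPUT -n -v --line-numbers | head -n 4
    if command -v netfilter-persistent >/dev/null 2>&1; then
        netfilter-persistent save   # writes /etc/iptables/rules.v4 and rules.v6
    else
        echo "note: iptables-persistent not installed; rule is runtime-only" >&2
    fi
}

# Usage (as root): sh block_ip.sh 203.0.113.7   or   sh block_ip.sh 2001:db8::1
if [ -n "${1-}" ]; then block_ip "$1"; fi
```

Run it as root with the address as the only argument. Listing INPUT with line numbers afterwards should show the new rule at position 1; if you see it at the bottom instead, it was appended and any earlier ACCEPT rule still wins.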
Blocking IP Address with UFW
UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.
Here’s how you can block an IP address with UFW:
- Open your terminal.
- If UFW is not installed on your system, you can install it using the following command:
sudo apt-get install ufw
- Run the following command to block an IP address. Replace X.X.X.X with the IP address you want to block:
sudo ufw deny from X.X.X.X
In this command, deny from X.X.X.X tells UFW to deny all incoming traffic from the specified IP address. UFW evaluates its rules in order and the first match wins, and a rule added this way is appended after the rules you already have. If an earlier rule allows a port (SSH, for example), traffic from that address to that port is still allowed. To put the block ahead of everything else, add it with the insert subcommand at position 1 (ufw insert 1 deny from X.X.X.X), and check the order afterwards with ufw status numbered.
- Enable UFW if it is not already active:
sudo ufw enable
Enabling UFW activates its default policy, which denies incoming connections that no rule allows. On a remote machine, allow your administrative service (for example SSH) before enabling, or you will lock yourself out. UFW stores its rules under /etc/ufw/ and reloads them at boot, so they persist across reboots without a separate save step.
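The ordering problem described above is easy to check from the output of ufw status numbered. The following script is an added example, not code from the original article or from the UFW project: it parses a status listing, reports whether the deny rule for an address sits below an allow rule that still lets that address through, and prints the commands that put the deny first. The two listings embedded in it are constructed to look like UFW's output (they were not captured from a real host), the function names are this example's own, and 203.0.113.7 is a documentation address.

```shell
#!/bin/sh
# Added example (not from the original article): detect a UFW deny rule that
# is shadowed by an earlier allow rule, and emit the fix. UFW evaluates user
# rules top to bottom, first match wins, and `ufw deny from ADDR` appends at
# the bottom. The listings below are CONSTRUCTED to resemble
# `ufw status numbered`; they were not captured from a real host.
set -eu

SHADOWED_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     203.0.113.7
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

FIXED_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     203.0.113.7
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# rule_number ACTION FROM STATUS: number of the first numbered rule whose
# line contains ACTION ("ALLOW IN" / "DENY IN") and whose last column is
# FROM ("Anywhere" or an address). Prints nothing if there is no such rule.
rule_number() {
    printf '%s\n' "$3" | awk -v act="$1" -v from="$2" '
        /^\[/ && index($0, act) && $NF == from {
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n); print n; exit
        }'
}

# deny_is_shadowed ADDR STATUS: true when a DENY for ADDR exists but sits
# below an ALLOW from Anywhere, i.e. ADDR can still reach the allowed ports.
deny_is_shadowed() {
    deny=$(rule_number "DENY IN" "$1" "$2")
    allow=$(rule_number "ALLOW IN" Anywhere "$2")
    if [ -n "$deny" ] && [ -n "$allow" ] && [ "$allow" -lt "$deny" ]; then
        return 0
    fi
    return 1
}

# ufw_block_cmds ADDR: the commands that put the deny rule first. `insert 1`
# needs at least one existing rule; plain `deny from` is fine on an empty set.
ufw_block_cmds() {
    printf 'ufw insert 1 deny from %s\n' "$1"
    printf 'ufw status numbered\n'
}

# Check a live host (root): sudo sh ufw_check.sh 203.0.113.7
if [ -n "${1-}" ]; then
    status=$(ufw status numbered)
    if deny_is_shadowed "$1" "$status"; then
        echo "deny for $1 sits below an allow rule; run:"
        ufw_block_cmds "$1"
    elif [ -z "$(rule_number 'DENY IN' "$1" "$status")" ]; then
        echo "no deny rule for $1; run:"
        ufw_block_cmds "$1"
    else
        echo "deny for $1 precedes every allow-from-Anywhere rule"
    fi
fi
```

Against the first listing the deny at position 3 is shadowed by the allow rules at 1 and 2, so 203.0.113.7 can still reach ports 22 and 80; the second listing is what the host looks like after ufw insert 1 deny from 203.0.113.7.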
Blocking IP Address with Firewalld
firewalld provides a dynamically managed firewall with support for network or firewall zones to define the trust level of network connections or interfaces.
Here’s how you can block an IP address with firewalld:
- Open your terminal.
- If firewalld is not installed on your system, you can install it using the following command:
sudo apt-get install firewalld
firewalld is the default firewall on Fedora, RHEL and their derivatives, where it is usually present already; the apt-get command above is for Debian and Ubuntu. Use only one of the three tools on a host, since firewalld, UFW and a saved iptables rule set will otherwise overwrite each other's rules.
- Start and enable firewalld:
sudo systemctl start firewalld
sudo systemctl enable firewalld
- Run the following command to block an IP address. Replace X.X.X.X with the IP address you want to block:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="X.X.X.X" reject'
In this command:
- --permanent makes the change part of the saved configuration, so it survives reboots and reloads. It does not touch the running firewall until you reload.
- --add-rich-rule adds a rule written in firewalld's rich language.
- The rule itself is enclosed in single quotes so the shell passes it through unchanged. family="ipv4" selects the address family (use ipv6 for an IPv6 address), source address="X.X.X.X" matches the sender, and reject answers it with an ICMP error; replace reject with drop to discard the packets silently.
Without --zone, the rule is added to the default zone (public unless you changed it); if the interface facing the blocked host is bound to another zone, name that zone explicitly.
- Finally, reload the firewall so the permanent configuration becomes active. Note that a reload replaces the running rules with the permanent set, discarding anything that was added without --permanent:
sudo firewall-cmd --reload
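The --permanent/--reload split is the usual source of confusion with firewalld: a rule added with --permanent is not active until a reload, and a rule added without it is gone after one. The script below is an added example, not code from the article or from the firewalld project. It builds the rich rule for an address (choosing ipv4 or ipv6 from the address shape, reject by default or drop on request), adds it to both the runtime and the permanent configuration so no reload is needed, and classifies where a rule lives from the output of firewall-cmd --list-rich-rules. The two listings inside it are constructed, not captured, the function names are this example's own, and 203.0.113.7 and 198.51.100.9 are documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original article): build the rich rule for an
# address, add it to BOTH runtime and permanent configuration, and classify
# where a rule lives from `--list-rich-rules` output. The listings below are
# CONSTRUCTED, not captured; 203.0.113.7 and 198.51.100.9 are documentation
# addresses.
set -eu

# rich_rule ADDR [ACTION]: family from the address shape; ACTION defaults to
# reject (sender gets an ICMP error) and can be drop (silent discard).
rich_rule() {
    case "$1" in
        *:*) fam=ipv6 ;;
        *)   fam=ipv4 ;;
    esac
    printf 'rule family="%s" source address="%s" %s\n' "$fam" "$1" "${2:-reject}"
}

# rule_state RULE RUNTIME_LIST PERMANENT_LIST: where RULE is present, given
# the output of `firewall-cmd --list-rich-rules` (runtime) and
# `firewall-cmd --permanent --list-rich-rules`.
# Prints one of: active+permanent, runtime-only, permanent-only, absent.
# "permanent-only" is where the article's --permanent command leaves you
# until --reload; "runtime-only" is what the next reload throws away.
rule_state() {
    in_rt=0; in_pm=0
    if printf '%s\n' "$2" | grep -Fxq -- "$1"; then in_rt=1; fi
    if printf '%s\n' "$3" | grep -Fxq -- "$1"; then in_pm=1; fi
    case "$in_rt$in_pm" in
        11) echo active+permanent ;;
        10) echo runtime-only ;;
        01) echo permanent-only ;;
        *)  echo absent ;;
    esac
}

# Constructed listings: the block for 203.0.113.7 was added with --permanent
# but never reloaded, so it exists only in the permanent set.
RUNTIME_LIST='rule family="ipv4" source address="198.51.100.9" reject'
PERMANENT_LIST='rule family="ipv4" source address="198.51.100.9" reject
rule family="ipv4" source address="203.0.113.7" reject'

# firewalld_block ADDR (root): add to runtime (effective now) and permanent
# (survives reload/reboot) without --reload, which would also discard any
# other runtime-only change. --query-rich-rule exits non-zero if the rule is
# missing, so under set -e it doubles as an assertion.
firewalld_block() {
    rule=$(rich_rule "$1")
    firewall-cmd --add-rich-rule="$rule"
    firewall-cmd --permanent --add-rich-rule="$rule"
    firewall-cmd --query-rich-rule="$rule"
    rule_state "$rule" "$(firewall-cmd --list-rich-rules)" \
                       "$(firewall-cmd --permanent --list-rich-rules)"
}

# Usage (as root): sh fw_block.sh 203.0.113.7
if [ -n "${1-}" ]; then firewalld_block "$1"; fi
```

Adding the rule twice (once with --permanent, once without) is the pattern that leaves the host in the active+permanent state immediately. If you prefer to work in the runtime set and then save everything at once, firewall-cmd --runtime-to-permanent copies the running configuration into the permanent one.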
This concludes our guide to blocking specific IP addresses on Linux using iptables, UFW, and firewalld. Blocking the wrong address cuts off legitimate traffic, and blocking your own source address cuts off the session you are administering from, so validate every address before you block it, check where the new rule landed in the rule order, and keep a way back in (console access or a second session) while you test.