[SOLVED] How can I block a single IP?

[carloslosgrande]

Well I'm confused - nothing new there - I thought that a site appearing on my screen was an incoming service.
I await your researches, while I have a look myself.
Thanks caljohnsmith.

[carloslosgrande]

I found this command ;

iptables -A INPUT -s 221.231.148.194 -j DROP

at this site;
http://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/
that says this;

In order to block an IP on your Linux server you need to use iptables firewall. First you need to log into shell as root user. To block IP address you need to type iptables command as follows:
iptables -A INPUT -s IP-ADDRESS -j DROP

and this one;

iptables -I INPUT -s IP_ADDRESS_HERE -j DROP

at this site; http://forums.serverbeach.com/showthread.php?t=2241
However I've noticed that site still come up.
All the sites I found basically gave the 1st command (using -A) but no mention of any other steps.
I checked

/sbin/iptables -L

and the drop is in there but not working?

[ahmatti]

You could also use "Firestarter" to configure your firewall to block unwanted sites. It is an easy to use graphical tool and is in the repos. Ubuntu Hardy also has UFW https://wiki.ubuntu.com/UbuntuFirewall that is easier to use than iptables.

[caljohnsmith]

OK, carloslosgrande, I found out how to use iptables to block an IP address. The main problem with what you tried was using the "INPUT" table instead of the "OUTPUT" IP table. In other words, when you type in a website into Firefox, that is an outgoing request from your computer to get a web page from that website, which is why it should be defined in the OUTPUT IP table if you want to block it. Here's an example:

Code:

sudo iptables -A OUTPUT -d 208.122.19.56 -j REJECT

Any outgoing request from your computer to address 208.122.19.56 will be blocked. Now if you list the current iptables:

Code:

sudo iptables -L

Then you will see your rule for 208.122.19.56 under the OUTPUT category. If you decide you want to delete it, and if it is the first entry under the OUTPUT category (for example), you could delete it with:

Code:

sudo iptables -D OUTPUT 1

Or replace the "1" above with whichever entry it is. Another way of deleting it is to fully specify it:

Code:

sudo iptables -D OUTPUT -d 208.122.19.56 -j REJECT

Now the problem is that iptables only deals with IP addresses; the IP addresses of domains can change if they get a new hosting company for example, or in the case of heavily-used domains like google.com, they have more than one IP address. Thus if you want to block a specific website and not just an IP address (like me), then I would use previous poster 505's method and just add the website to the /etc/hosts file and link it to 127.0.0.1.

Anyway, hope that helps carloslosgrande.

[carloslosgrande]

Hi Ahmatti, actually I tried firestarter and there isn't any option to block - it blocks by default - the options are to allow. At least thats how I understand it.
The new ufw system looks even more complex, but perhaps the gui will be simpler? Not sure if its ready yet.
Thanks.

[carloslosgrande]

Hi caljohnsmith, thanks for that. Counterintuitive until you explained how it works.
I've now set it as per your instructions and I'm testing it now.
A whole day testing and no show of the offending IP - that worked a charm

[carloslosgrande]

The solution from caljohnsmith worked fine except it doesn't stick. A few days ago the offending sites reappeared. I checked iptables and the line rejecting the ip address was missing.
So I ran the command again - worked, until next restart.

How can I make this permanent?

I thought a command like that would be permanent?

[caljohnsmith]

The solution from caljohnsmith worked fine except it doesn't stick. A few days ago the offending sites reappeared. I checked iptables and the line rejecting the ip address was missing.
So I ran the command again - worked, until next restart.

How can I make this permanent?

I thought a command like that would be permanent?

You could put the iptables command in your /etc/rc.local file, and then it will run the iptables command every time on start up. Any command in the rc.local file is run as root, so no need to put a "sudo" in front of it. And although I've never used it, you might want to check out "firestarter", which is basically a nice GUI for iptables; it will keep your changes between reboots. Good luck and let me know how it goes, or if you need any more info.

[starcannon]

If you have a router in your configuration (most broadband modems have router functions as well) you can block it at the router, keeping it from ever making it as far as your computer.

On a linksys router for instance, you can block by website under "Access Restrictions" tab.
It will be something similar on most consumer grade routers.

I never played with iptables much, I generally blacklist sites using my router.

GL

[crjackson]

Well the easist way was already disclosed in post number 2. Redirecting using the "hosts" file. /etc/hosts not /etc/hosts.deny

edit that file and you will see examples of how to use it properly. It's a great tool. I use it all the time to block certain sites from the kids computers.