Rejecting (Blocking) an IP for any service on Ubuntu Server

After a while that I have my server running for some reason it was slowing down my network so I decided to check the /var/log/auth.log and realize that I was just been trying to brute force the ROOT ssh access from several IPs so in order to stop that I decided to block those IPs

To block a IP address with IPTABLES
sudo iptables -A INPUT -s 0.0.0.0 -j DROP
To block a range of IP address with IPTABLES
sudo iptables -A INPUT -m iprange --src-range 0.0.0.0-0.0.0.254 -j DROP

To unblock just change the A for a D

Obviously change the 0.0.0.0 for the desired IP

In order to persist those IPTABLES install this tool
sudo apt-get install iptables-persistent

The instructions are saved on /etc/iptables/rules.v4 (not automatically)
You can just add instructions to that file and make a
sudo iptables-restore < /etc/iptables/rules.v4

— UPDATE —

This was a very time expensive activity, so looking around I found this solution FAIL2BAN

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s