Quick and easy iptables blocking and firewalling basics

A customer emailed in today had noticed somebody trying to hack or crash his VPS. He tracked it down to one particular IP address but didnt know how to block him.

There are several things you can do to block him, the long term solution and better option is probably using a firewall like iptables.

To block a single IP address with iptables you run the following

iptables -A INPUT -s offendingip -j DROP

This simply drops all packets from that source ip address. This will not be saved at all when you reboot so to do that, you can run the following comands

iptables-save >/etc/iptables-save

This saves your rules all into that file, now you just need a way of importing those rules which would be as follows

iptables-restore < /etc/iptables-save

By adding this to your network up scripts this will auto import them every reboot when your network comes up.

Under RHEL/Centos you can use following commands:
To Save the rules to /etc/sysconfig/iptables file:

# /etc/init.d/iptables save

To Restore the rules from /etc/sysconfig/iptables file:

# /etc/init.d/iptables start

If you are using Debian Linux open /etc/network/interfaces:

# vi /etc/network/interfaces

Append the line to eth0 section:

post-up iptables-restore < /etc/iptables-save

As always, if you get stuck at all, just drop us an email at support, we are only too happy to help out.