Blocking IP addresses on a CentOS server
The iptables command is used here.
    iptables -I INPUT -s 124.115.0.199 -j DROP    # blocks the single IP 124.115.0.199
    iptables -I INPUT -s 124.115.0.0/16 -j DROP   # blocks 124.115.*.*, i.e. every IP starting with 124.115
    iptables -I INPUT -s 61.37.80.0/24 -j DROP    # blocks 61.37.80.*, i.e. every IP starting with 61.37.80
    iptables -I INPUT -s 124.0.0.0/8 -j DROP      # blocks 124.*.*.*, i.e. every IP starting with 124
This is a detailed description. I have nothing to say if I can't understand it.
Since addresses can be blocked, they can also be unblocked:
    iptables -D INPUT -s 124.0.0.0/8 -j DROP
You only need to change -I to -D, followed by the same IP address or IP segment. Hope this Linux command tutorial for blocking IP addresses can help you.
1. Install iptables Firewall
On CentOS, run:
    yum install iptables
On Debian/Ubuntu, run:
    apt-get install iptables
2. Clear existing iptables rules
    iptables -F
    iptables -X
    iptables -Z
3. Open the specified port
    # Allow the local loopback interface (the local machine accessing itself)
    iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
    # Allow ESTABLISHED or RELATED connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow all outbound access from the local machine
    iptables -A OUTPUT -j ACCEPT
    # Allow access to port 22
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # Allow access to port 80
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # Allow ports 21 and 20 of the FTP service
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 20 -j ACCEPT
    # If there are other ports, the rule is similar. Modify the preceding statement slightly.
    # Reject everything that is not explicitly permitted
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT
4. Shielding IP addresses
    # If you only want to block IP addresses, you can skip "Open the specified port".
    # Block a single IP address
    iptables -I INPUT -s 123.45.6.7 -j DROP
    # Block a whole segment, from 123.0.0.1 to 123.255.255.254
    iptables -I INPUT -s 123.0.0.0/8 -j DROP
    # Block an IP segment with a /16 mask
    iptables -I INPUT -s 124.45.0.0/16 -j DROP
    # Block an IP segment, from 123.45.6.1 to 123.45.6.254
    iptables -I INPUT -s 123.45.6.0/24 -j DROP
4. View the added iptables rules
    iptables -L -n
Options:
    v: displays detailed information, including the number of matching packets and matching bytes for each rule
    x: on top of v, disables automatic unit conversion (K, M)
    n: displays only IP addresses and port numbers; IP addresses are not resolved to domain names
5. Delete the added iptables rules
Display all iptables rules with their serial numbers by running:
    iptables -L -n --line-numbers
For example, to delete the rule with serial number 1 in INPUT, run:
    iptables -D INPUT 1
6. Start iptables and save the rules
On CentOS, you can run:
    chkconfig --level 345 iptables on
Common commands for using iptables to block IP segments in Linux:
The command to block a single address is:
    iptables -I INPUT -s 211.1.0.0 -j DROP
The command to block an IP segment is:
    iptables -I INPUT -s 211.1.0.0/16 -j DROP
    iptables -I INPUT -s 211.2.0.0/16 -j DROP
    iptables -I INPUT -s 211.3.0.0/16 -j DROP
The command to block the entire segment is:
iptables -I INPUT -s 211.0.0.0/8 -j DROP
The command to block several segments is:
    iptables -I INPUT -s 61.37.80.0/24 -j DROP
    iptables -I INPUT -s 61.37.81.0/24 -j DROP
To unblock:
    # The target after -j must match the rule as it was added (DROP in the commands above)
    iptables -D INPUT -s <IP address> -j DROP
    # Clear all rules
    iptables -F
Stop:
    /etc/rc.d/init.d/iptables stop
Start:
    /etc/rc.d/init.d/iptables start
Restart:
    /etc/rc.d/init.d/iptables restart
1. Takes effect after a restart:
    Enable:  chkconfig iptables on
    Disable: chkconfig iptables off
2. Takes effect immediately (not kept across a restart):
    Start: service iptables start
    Stop:  service iptables stop
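
Wide blocks such as the /8 and /16 rules above can also cover the address you administer the server from, and -I places the DROP ahead of the port 22 ACCEPT rule. The script below is an added example, not part of the original tutorial: it validates the target, refuses a block that would cover your own address, and prints the command instead of running it. The function names and the admin address 124.115.0.50 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Prints the iptables commands
# instead of running them, so they can be reviewed before being applied.

# Convert a dotted-quad IPv4 address to an integer; non-zero exit on bad input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # leading zeros would parse as octal
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Exit 0 if address $2 lies inside $1 (CIDR or single IP), 1 if not, 2 if invalid.
cidr_contains() {
    net=${1%/*}; bits=32
    case "$1" in */*) bits=${1#*/} ;; esac
    case "$bits" in ''|*[!0-9]*|0?*) return 2 ;; esac
    [ "$bits" -le 32 ] 2>/dev/null || return 2
    n=$(ip_to_int "$net") || return 2
    a=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( n & mask )) -eq $(( a & mask )) ]
}

# Print the command that blocks $1, unless $1 would also block $2,
# the address you administer the server from (hypothetical parameter).
safe_block() {
    target=$1; admin_ip=$2; rc=0
    cidr_contains "$target" "$admin_ip" || rc=$?
    case $rc in
        0) echo "refused: $target covers admin address $admin_ip" >&2; return 1 ;;
        2) echo "refused: invalid address or prefix" >&2; return 2 ;;
    esac
    # -C tests for an identical existing rule so reruns do not stack duplicates;
    # on iptables versions without -C the test fails and the insert simply runs.
    echo "iptables -C INPUT -s $target -j DROP 2>/dev/null || iptables -I INPUT -s $target -j DROP"
}

# Constructed sample: the admin address is made up; the ranges are the page's.
safe_block 61.37.80.0/24 124.115.0.50
safe_block 124.0.0.0/8 124.115.0.50 || true
```

Because the target is checked to contain only a dotted-quad address and an optional numeric prefix, the printed line is safe to pipe to sh once reviewed.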