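The 124.115.*.* IP segment is very disgusting. We recommend that you block it on the server.
# iptables -F
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -A FORWARD -s 124.115.0.0/24 -j DROP
# iptables -I FORWARD -d 202.96.170.164 -j DROP
Note that 124.115.0.0/24 matches only 124.115.0.0 through 124.115.0.255; matching all of 124.115.*.* requires 124.115.0.0/16. Rules in the FORWARD chain apply only to packets routed through the machine; traffic addressed to the server itself is filtered in the INPUT chain.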
Supplement:
The command to block a single IP address is:
iptables -I INPUT -s 211.1.0.0 -j DROP
The command to block IP segments is:
iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP
The command to block the entire segment is:
iptables -I INPUT -s 211.0.0.0/8 -j DROP
The command to block several segments is:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP
There are three ways to have the rules applied automatically when the server boots:
1. Add the commands to /etc/rc.local.
2. iptables-save > /etc/sysconfig/iptables writes your current iptables rules to /etc/sysconfig/iptables, which is loaded automatically when the iptables service starts at boot.
3. service iptables save also writes your current iptables rules to /etc/sysconfig/iptables, which is loaded automatically when the iptables service starts at boot.
The last two are better. Generally, the iptables service is started before the network service, which is safer.
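To unblock (-D deletes a rule only when the specification, including the -j target, matches the rule as it was added, so use the same DROP target):
iptables -D INPUT -s <IP address> -j DROP
iptables -F clears all rules.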
I accidentally couldn't even connect myself -_-!!!
iptables -I INPUT -p tcp --dport 80 -s 124.115.0.0/24 -j DROP
In the future, only port 80 will be blocked. No problem will occur!
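An added example, not part of the original post: a dry-run guard against the lockout described above. It checks whether your own address falls inside a segment before printing the DROP rule, and it never runs iptables itself. The function names are hypothetical, and 203.0.113.10 and 211.1.2.3 are constructed stand-ins for the administrator's own address.

```shell
#!/bin/sh
# Added example: refuse to block a segment that contains your own address.
# Dry run only: it prints the iptables command and never executes it.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*) exit 1 ;; esac      # no leading zeros (octal trap)
        [ "$o" -le 255 ] 2>/dev/null || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Exit 0 if address $1 is inside CIDR block $2, 1 if not, 2 on bad input.
ip_in_cidr() (
    bits=${2#*/}
    [ "$bits" != "$2" ] || bits=32            # bare address means /32
    case "$bits" in ''|*[!0-9]*) exit 2 ;; esac
    [ "$bits" -le 32 ] 2>/dev/null || exit 2
    addr=$(ip_to_int "$1") || exit 2
    net=$(ip_to_int "${2%/*}") || exit 2
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
)

# Print the DROP rule for segment $2 unless own address $1 is inside it.
safe_block() {
    rc=0
    ip_in_cidr "$1" "$2" || rc=$?
    case $rc in
        0) echo "refusing: $2 contains your own address $1" >&2; return 1 ;;
        1) echo "iptables -I INPUT -s $2 -j DROP" ;;
        *) echo "invalid address or segment: $1 $2" >&2; return 2 ;;
    esac
}

# Constructed sample: the first argument stands in for the admin's address.
safe_block 203.0.113.10 124.115.0.0/24
safe_block 211.1.2.3 211.0.0.0/8 || echo "kept access: rule not emitted"
```

The same membership check shows why the mask matters: 124.115.3.7 is outside 124.115.0.0/24 but inside 124.115.0.0/16.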