Block IP with IPTABLES

The following command will drop any packet coming from the IP address 1.2.3.4:

[codesyntax lang="bash"]

/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

[/codesyntax]

You can also specify an interface such as eth1 via which a packet was received:

[codesyntax lang="bash"]

/sbin/iptables -I INPUT -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -i eth1 -s 1.2.3.4 -j DROP

[/codesyntax]

Please note that when "!" is placed before -i, the interface match is inverted: the rule applies to packets that did NOT arrive on the named interface (here, a packet from 1.2.3.4 on any interface other than eth1):

[codesyntax lang="bash"]

/sbin/iptables -I INPUT ! -i {INTERFACE-NAME-HERE} -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT ! -i eth1 -s 1.2.3.4 -j DROP

[/codesyntax]

If the interface name ends in a "+", then any interface whose name begins with that string will match (for example, br+ matches br0, br1 and so on). If -i is omitted entirely, packets arriving on any interface will match:

[codesyntax lang="bash"]

/sbin/iptables -I INPUT -i {INTERFACE-NAME-HERE}+ -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -i br+ -s 1.2.3.4 -j DROP

[/codesyntax]

You can replace -I INPUT (insert) with -A INPUT (append). The difference matters: -I puts the rule at the top of the chain (position 1 by default), so it is evaluated before any existing rules, while -A puts it at the end, where an earlier -j ACCEPT rule (for example one that accepts ESTABLISHED connections or all traffic on a port) can match first and the DROP is never reached. Check the resulting order with `iptables -L INPUT -n --line-numbers`:

[codesyntax lang="bash"]

/sbin/iptables -A INPUT -s 1.2.3.4 -j DROP
/sbin/iptables -A INPUT -i eth1 -s 1.2.3.4 -j DROP

[/codesyntax]

How Do I Block a Subnet (xx.yy.zz.ww/ss)?

Use the following syntax to block 10.0.0.0/8 on the public interface eth1 (the CIDR mask covers the whole range 10.0.0.0 to 10.255.255.255):

[codesyntax lang="bash"]

# /sbin/iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

[/codesyntax]

How Do I Block and Log Dropped IP Address Information?

You can turn on kernel logging of matching packets with the LOG target. LOG is a non-terminating target: it writes a log line and then continues to the next rule, so it does not block anything on its own. A separate DROP rule must follow it in the chain, and the LOG rule must come first, otherwise the DROP ends traversal before the packet is ever logged:

[codesyntax lang="bash"]

# /sbin/iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP DROP SPOOF A:"
# /sbin/iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

[/codesyntax]

The --log-prefix string is limited to 29 characters. Log lines go to the kernel ring buffer (visible with dmesg) and, depending on the syslog configuration, to /var/log/messages or /var/log/kern.log.
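The two points made above, that the rule must sit before any earlier ACCEPT and that LOG must be paired with a following DROP, are easy to get wrong when typing rules by hand. The following wrapper script is an added example and is not part of the original post; it validates the address and interface name (so that nothing but a dotted quad with an optional /0-32 prefix ever reaches the shell), then emits a LOG+DROP pair inserted at the top of INPUT, printing the commands by default and applying them only with DRY_RUN=0. The /sbin/iptables path, the "IP DROP: " prefix and the 5/min log rate are assumptions chosen for the example.

```shell
#!/bin/sh
# blockip.sh - build (and optionally apply) a LOG+DROP rule pair on the INPUT
# chain for one IPv4 address or CIDR block.
# Added example, not part of the original post. Assumptions: iptables lives at
# /sbin/iptables (override with IPTABLES=...) and "IP DROP: " is a placeholder prefix.

IPTABLES="${IPTABLES:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands, 0 = run them (needs root)

# is_ipv4_cidr ADDR: succeed only for a dotted quad with an optional /0-32 prefix.
# Rejecting anything else keeps shell metacharacters away from the eval below.
is_ipv4_cidr() {
  ip=${1%/*}
  plen=${1#*/}
  [ "$plen" = "$1" ] && plen=32            # no prefix given: a single host
  case "$plen" in ''|*[!0-9]*) return 1 ;; esac
  [ "$plen" -le 32 ] || return 1
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  set -- $(printf '%s' "$ip" | tr '.' ' ') # split on dots; only digits remain
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# rules_for ADDR [IFACE]: print the two iptables commands. Both insert at
# position 1, DROP first, so the chain ends up as LOG (1), DROP (2): LOG does
# not stop rule traversal, and inserting at the top keeps an earlier -j ACCEPT
# from shadowing the block. The limit match keeps a flood out of the log.
rules_for() {
  target=$1
  iface=${2:-}
  is_ipv4_cidr "$target" || { echo "invalid IPv4 address or CIDR: $target" >&2; return 1; }
  case "$iface" in *[!A-Za-z0-9_.:+-]*) echo "invalid interface name: $iface" >&2; return 1 ;; esac
  in_opt=""
  [ -n "$iface" ] && in_opt=" -i $iface"
  printf '%s -I INPUT 1%s -s %s -j DROP\n' "$IPTABLES" "$in_opt" "$target"
  printf '%s -I INPUT 1%s -s %s -m limit --limit 5/min -j LOG --log-prefix "IP DROP: "\n' \
    "$IPTABLES" "$in_opt" "$target"
}

# block_ip ADDR [IFACE]: print the rules, or apply them when DRY_RUN=0.
block_ip() {
  rules=$(rules_for "$@") || return 1
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$rules"
    return 0
  fi
  printf '%s\n' "$rules" | while IFS= read -r cmd; do
    eval "$cmd" || exit 1        # inputs were validated above, so eval is safe here
  done
}

if [ $# -gt 0 ]; then
  block_ip "$@"                  # e.g. ./blockip.sh 10.0.0.0/8 eth1
fi
```

Run `./blockip.sh 10.0.0.0/8 eth1` to see the two commands, then `DRY_RUN=0 ./blockip.sh 10.0.0.0/8 eth1` as root to apply them; afterwards `iptables -L INPUT -n --line-numbers` should show the LOG rule at line 1 and the DROP at line 2.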