
Blacklisting IP Addresses with iptables

I’ve been sharpening my iptables skills the last little while. I adapted several methods I found for blacklisting IP addresses to meet my needs. I started off by creating a new chain called BLACKLIST:

root@machine:~# iptables -N BLACKLIST

and run all traffic through the BLACKLIST chain:

root@machine:~# iptables -A INPUT -j BLACKLIST

Obviously that rule needs to be pretty close to the beginning (read: the first rule) of the INPUT chain. Rules are evaluated in order, so an earlier rule that accepts the packet would match first; otherwise, you won’t really be blacklisting traffic, will you? If there are existing rules on the INPUT chain, use this command:

root@machine:~# iptables -I INPUT 1 -j BLACKLIST

To ease the blacklisting of IP addresses, I adapted (and fixed bugs in) a shell script found on the web:


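#!/bin/sh
# Log and drop all traffic from the IP address given as the first argument.
IP="$1"
[ -n "$IP" ] || { echo "Usage: $0 IP" >&2; exit 1; }
echo "Blacklisting $IP."
iptables -A BLACKLIST --src "$IP" -j LOG --log-prefix \
"Traffic from blacklisted IP: "
iptables -A BLACKLIST --src "$IP" -j DROP
echo "`date`: $IP" >> /var/log/blacklisted_ips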

Put that script in your path, and name it something meaningful, e.g. and blacklist away:

root@machine:~# 457.612.991.843
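
A stricter variant of the script above, added here as an example and not the post's own code: it refuses anything that is not a plain dotted-quad IPv4 address (iptables would otherwise try to resolve a hostname passed to --src) and uses iptables -C so that blacklisting the same address twice does not append duplicate rules. The function names and the IPTABLES and LOGFILE override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the address, then add the BLACKLIST rules only once.
IPTABLES=${IPTABLES:-iptables}               # assumption: overridable for dry runs
LOGFILE=${LOGFILE:-/var/log/blacklisted_ips}

# Succeed only for a dotted-quad IPv4 address, each octet 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

blacklist_ip() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "Refusing '$ip': not a valid IPv4 address" >&2
        return 2
    fi
    # -C tests for an existing rule, so repeated runs do not stack duplicates.
    if "$IPTABLES" -C BLACKLIST --src "$ip" -j DROP 2>/dev/null; then
        echo "$ip is already blacklisted."
        return 0
    fi
    "$IPTABLES" -A BLACKLIST --src "$ip" -j LOG \
        --log-prefix "Traffic from blacklisted IP: " &&
    "$IPTABLES" -A BLACKLIST --src "$ip" -j DROP &&
    echo "$(date): $ip" >> "$LOGFILE"
}

# Run only when an address is given on the command line.
[ "$#" -eq 0 ] || blacklist_ip "$1"
```

Setting IPTABLES=echo prints the rules that would be added instead of applying them.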

For more on iptables in Ubuntu, visit this page
