
Blacklisting IP Addresses with iptables (Redux)

The setup in my last post just felt wrong, so wrong I couldn't get to sleep last night. What I didn't like was the duplicated rules: it seems like bad form to need two rules (one LOG, one DROP) for each IP you want to blacklist. So I revised it:

root@machine:~# iptables -N BLACKLIST
root@machine:~# iptables -A BLACKLIST -s 0/0 -j LOG \
--log-prefix "Traffic from blacklisted IP: "
root@machine:~# iptables -A BLACKLIST -s 0/0 -j DROP

The change is that the BLACKLIST chain itself now logs and drops *all* traffic sent to it (-s 0/0 matches any source, so the match is effectively a no-op and could be left out). Now we modify the script like so:

#!/bin/sh
# $IP holds the address to block (set earlier in the script, e.g. from "$1")
echo "Blacklisting $IP."
iptables -A INPUT -s "$IP" -j BLACKLIST
echo "$(date): $IP" >> /var/log/blacklisted_ips

I believe this to be a simpler, cleaner, and more manageable way of blacklisting IPs: one rule per address in INPUT, and the logging and dropping handled once in the BLACKLIST chain.
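As an added example (not the post author's script), here is a small wrapper around the BLACKLIST chain described above that adds the checks a practitioner would want before handing an address to iptables: it validates that the argument is really an IPv4 address or CIDR range, creates the chain if it is missing, and uses iptables -C to avoid adding a duplicate INPUT rule for an address that is already blacklisted. It assumes root, an iptables new enough to support -C (1.4.11 or later; on older versions -C fails and the rule is simply appended), and that the IPTABLES and LOGFILE variables may be overridden for a dry run.

```shell
#!/bin/sh
# Added example (not the post author's script): an idempotent wrapper around the
# BLACKLIST chain from the post. Assumes root and an iptables that supports -C
# (1.4.11+). IPTABLES and LOGFILE can be overridden for testing or a dry run.
IPTABLES="${IPTABLES:-iptables}"
LOGFILE="${LOGFILE:-/var/log/blacklisted_ips}"

# valid_ipv4 ADDR[/PREFIX]: succeed only for a dotted quad with each octet in
# 0-255 and an optional prefix length of 0-32. Hostnames, IPv6 addresses and
# anything with trailing junk are rejected before they reach iptables.
valid_ipv4() {
    case "$1" in
        */*) addr="${1%/*}"; prefix="${1##*/}" ;;
        *)   addr="$1";      prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.; set -f       # split on dots, no glob expansion
    set -- $addr
    IFS="$old_ifs"; set +f
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ensure_chain: create BLACKLIST with its LOG and DROP rules if it is missing,
# so the script also works on a freshly booted machine with empty tables.
ensure_chain() {
    if ! "$IPTABLES" -n -L BLACKLIST >/dev/null 2>&1; then
        "$IPTABLES" -N BLACKLIST
        "$IPTABLES" -A BLACKLIST -j LOG --log-prefix "Traffic from blacklisted IP: "
        "$IPTABLES" -A BLACKLIST -j DROP
    fi
}

# blacklist_ip ADDR: add one INPUT rule jumping to BLACKLIST unless an identical
# rule already exists. Returns 0 on add, 2 if already present, 1 on error.
blacklist_ip() {
    ip="$1"
    if ! valid_ipv4 "$ip"; then
        echo "Refusing to blacklist '$ip': not an IPv4 address" >&2
        return 1
    fi
    # -C tests for an identical rule without inserting it
    if "$IPTABLES" -C INPUT -s "$ip" -j BLACKLIST 2>/dev/null; then
        echo "$ip is already blacklisted."
        return 2
    fi
    echo "Blacklisting $ip."
    "$IPTABLES" -A INPUT -s "$ip" -j BLACKLIST || return 1
    echo "$(date): $ip" >> "$LOGFILE"
}

# Usage: blacklist.sh ADDR   (nothing is changed when no address is given)
if [ $# -gt 0 ]; then
    ensure_chain
    blacklist_ip "$1"
fi
```

Two things worth knowing when you run this for real. The LOG rule as written logs every packet from a blacklisted address, so a noisy scanner can fill the log; adding "-m limit --limit 5/min --limit-burst 10" before "-j LOG" keeps that in check without affecting the DROP. And "iptables -L INPUT -n --line-numbers" shows the per-address rules with their positions, which is what you need when you later want to remove one with "iptables -D INPUT <n>".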

Update: make sure you remove the -A INPUT -j BLACKLIST rule!!! Now that the BLACKLIST chain drops everything sent to it, an unconditional jump from INPUT would drop all inbound traffic, not just the blacklisted addresses.

Posted in Linux, Ubuntu.
