How to Block an IP Using iptables:
To block an IP address, use the following command:
iptables -A INPUT -s xx.xx.xx.xx -j DROP
(Replace xx.xx.xx.xx with the IP address you want to block.)
How to Block an IP from Accessing a Specific Port:
To block an IP from accessing a particular port:
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j DROP
(Replace xx.xx.xx.xx with the IP address and PORT with the port number to block.)
How to Allow Access to an IP:
To allow access from a specific IP:
iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT
(Replace xx.xx.xx.xx with the IP address you want to allow.)
How to Allow Access to an IP for a Specific Port:
To allow access from an IP to a specific port:
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j ACCEPT
(Replace xx.xx.xx.xx with the IP address and PORT with the port number to allow access.)
How to Block a Scanner on Your Server (e.g., "blablabla.at.ISC.SANS") Using iptables:
To block a scanner, you can use the following command:
iptables -I INPUT -p tcp --dport 80 -m string --algo bm \
--string 'GET /blablabla.at.ISC.SANS.' -j DROP
For more information on common iptables rules, refer to this article: Basic and Most Common iptables Rules
