Web Hosting Talk







View Full Version : Blocking an IP address?


bert
05-23-2001, 09:17 AM
Hello everyone. Is it possible to block an IP address and prevent it from accessing the entire server, even the web server (port 80)? We have Linux 6.2 with PortSentry.

I think it can be done with the hosts.deny file, but I am not sure if it will block everything including port 80.

Thanks :)

drhonk
05-23-2001, 12:29 PM
I'd use ipchains. It's a lot easier, and you can block that IP on all ports or on just certain ports. That's really up to you.

bert
05-23-2001, 01:27 PM
How do you use ipchains?

drhonk
05-23-2001, 01:48 PM
You can use the following statement :

-A input -s <ip address>/<netmask> -d 0.0.0.0/0.0.0.0 <port:port> -j DENY

Note that the netmask for one IP address would be 255.255.255.255. Also, if you want to block all access, you don't have to enter a port number. But if you want to block a certain IP address on a certain port, then enter a port number.

You can even log to see if that IP address is trying to access your server. Just add -l -y to the end of the command .. and it should log it to /var/log/messages.

Read the ipchains manual to learn more about it. Ipchains is a simple but powerful security solution.

Hope that'll help you... :)

drhonk
05-23-2001, 01:50 PM
Oops... why didn't it print the whole statement... hmm, weird.

Anyhow, here you go. I just used a fake IP.

ipchains -A input -s 123.123.123.123/255.255.255.255 -d 0.0.0.0/0.0.0.0 80:80 -p tcp -j DENY

That statement will block IP address 123.123.123.123 from port 80.

bert
05-23-2001, 02:00 PM
Thanks a lot. I got it now. :)

JKLIVIN
06-07-2001, 04:36 AM
Hmm, good idea.

node9
06-09-2001, 04:05 AM
I may be a little late, but:

To block the IP address 216.215.239.28, for example,

you would type this as root:

ipchains -A input -s 216.215.239.28 -d 0/0 1:65333 -p tcp -j REJECT

That'll block that IP from connecting to the machine, period, blocking ports 1-65333 (via TCP, that is).

If you just wanted to block 80, replace 1:65333 with 80.

Also, if you wanted to block the entire 216.215.239.*, run:
ipchains -A input -s 216.215.239.0/24 -d 0/0 80 -p tcp -j REJECT

Use that last one wisely. If it's a popular ISP, you might not want to block out the entire C class; it could ruin things ;)

0/24 for C
0/16 for B
0/8 for A
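
The rule forms used in this thread, as an added example that is not code from any poster: a POSIX shell helper that takes an address or CIDR block, converts the prefix to the dotted netmask form, and prints the matching ipchains rule without running it. The function names, the default /24 floor on block width, and always appending -l are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ipchains rule; executes nothing.

# Prefix length (0-32) -> dotted netmask, e.g. 24 -> 255.255.255.0
prefix_to_mask() (
    bits=$1; mask=""
    for n in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0; fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
)

# Succeeds only for four dot-separated decimal octets in 0-255.
valid_ipv4() (
    case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Usage: block_rule <ip[/prefix]> [tcp-port] [min-prefix]
# min-prefix (assumed default 24) is the widest block accepted, so a typo
# cannot silently deny a whole /16 or /8.
block_rule() (
    target=$1; port=${2:-}; min_prefix=${3:-24}
    addr=${target%%/*}
    case $target in */*) prefix=${target#*/} ;; *) prefix=32 ;; esac
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; exit 2; }
    case $prefix in ''|*[!0-9]*) echo "bad prefix: $prefix" >&2; exit 2 ;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix: $prefix" >&2; exit 2; }
    [ "$prefix" -ge "$min_prefix" ] ||
        { echo "refusing /$prefix: wider than /$min_prefix" >&2; exit 3; }
    proto=""; dport=""
    if [ -n "$port" ]; then
        case $port in *[!0-9]*) echo "bad port: $port" >&2; exit 2 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; exit 2; }
        proto=" -p tcp"; dport=" $port:$port"   # ports need a protocol
    fi
    # -l logs matching packets (to /var/log/messages, per the thread)
    echo "ipchains -A input$proto -s $addr/$(prefix_to_mask "$prefix") -d 0.0.0.0/0.0.0.0$dport -j DENY -l"
)

block_rule 123.123.123.123 80     # single host, port 80 only
block_rule 216.215.239.0/24       # whole /24, all ports and protocols
```

Review the printed rule before running it as root; a third argument such as 16 lowers the floor when a wider block is really intended.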