  1. #1
    Join Date
    Nov 2005

    Best way to block IP

    I am curious, what is the best way to ban a certain IP from accessing the server? I have a software firewall (APF) and there is, of course, /etc/hosts.deny.
    Which is the most efficient? I've read that a software firewall becomes unstable after so many entries. Does the same apply to the /etc/hosts.deny file?

    Or is there a better way altogether?

  2. #2
    Join Date
    Mar 2009
    You can also null-route IPs with the routing table :

    Single IP :
    ip route add blackhole

    Netmask :
    ip route add blackhole

    To unblock :
    ip route del
    ip route del

  3. #3
    Join Date
    Nov 2005
    How large can the routing table be for stable operation of the server?
    Is it static/permanent? I mean, if I reboot the server, does routing table still remain the same?

    If I block an IP via the routing table, can they ping the server? Or flood it?

  4. #4

    I would suggest you use a firewall like csf or apf, which will be easy to manage. Adding it in /etc/csf/deny.conf will block it permanently.
    Last edited by linux-engineer; 07-08-2009 at 06:13 AM.

  5. #5
    You can also directly use iptables for the same.

    To block an IP from accessing any ports on the server :

    iptables -I INPUT -s XX.XX.XX.XX -j DROP

    To block an IP from accessing a particular port on the server :

    iptables -A INPUT -s XX.XX.XX.XX -p tcp --destination-port XX -j DROP

  6. #6
    Install CSF (

    Guide to install it is here:

    csf -d XX.XX.XX.XX

  7. #7
    Join Date
    Mar 2009
    If you reboot, it's all gone. The best way is simply to write a start up script with the IPs you want to block so that it will be easier for you to add/delete them without messing with your config files:

    IP='ip route add blackhole'
    You can't ping at all, both ways. This IP could not connect to your server and your server could not connect to it either. It's a blackhole.
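
A boot-time script of the kind post #7 describes, written out as an added example that is not part of any post in this thread. The function names, the list format and the sample addresses (RFC 5737 documentation ranges) are constructed for illustration; entries are validated first so that a typo such as a /0 prefix cannot null-route the whole server.

```shell
#!/bin/sh
# Constructed sample list (RFC 5737 documentation addresses), one entry per line.
SAMPLE_LIST='# blocked sources
192.0.2.15
198.51.100.0/24   # constructed example range
203.0.113.999
0.0.0.0/0
not-an-ip'

# Return 0 if $1 is an IPv4 address or CIDR that is safe to blackhole.
valid_target() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    # Prefix length 1..32 only: /0 would null-route every destination.
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ ${#len} -le 2 ] && [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    # Exactly four dot-separated decimal octets, each 0..255.
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read entries on stdin. Default: print the commands (dry run).
# With "apply" as $1, run them instead (needs root).
blackhole_routes() {
    mode=${1:-print}
    set -f                                # no globbing while splitting lines
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # strip comments
        set -- $line                      # first field is the target
        [ $# -ge 1 ] || continue
        if ! valid_target "$1"; then
            echo "skipped invalid entry: $1" >&2
            continue
        fi
        # "replace" instead of the thread's "add" so reruns do not fail
        set -- ip route replace blackhole "$1"
        if [ "$mode" = apply ]; then "$@"; else echo "$*"; fi
    done
    set +f
}

printf '%s\n' "$SAMPLE_LIST" | blackhole_routes   # dry run on the sample
```

To use it at boot, feed the real list file on stdin and pass `apply` as the first argument from a startup script run as root.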

  8. #8
    You should try the csf firewall; it is easy to manage.
    You can install it by using the following steps and can block a particular IP address:

    1) Log into your server and switch to the root user
    2) Switch directories to your download directory
    3) Download the latest version of the software: # wget
    4) Untar the package: # tar -xzf csf.tgz
    5) Switch into the new extracted folder: # cd csf
    6) Run the installer: # sh
    7) If you are still running APF and BFD on your server it is necessary to disable those applications: # sh

    After that just use the command csf -d ip that you want to block
    eg : csf -d

    You can also configure CSF and LFD from WHM.