Quickly (and temporarily) block an IP address
Copyright (C) 2017, 2018, 2019, 2020 Timothe Litt
When your machine is under attack from an unexpected source, the last thing that you want to
do is remember the iptables syntax for adding an immediate blocking rule.
ipblock addresses this issue. Simply say
ipblock 192.0.2.66, ipblock 2001:db8::66, or ipblock evil.example.net
All packets from that address will be dropped.
ipblock only adds a single rule to your iptables and/or ip6tables rulesets, no
matter how many addresses (up to the ipt_recent limit) are blocked. This rule is
inserted at the top of the specified chain, thus taking precedence over any other exceptions.
The rule is only added the first time that ipblock is run, so your iptables rules are not reloaded.
Additional command options allow you to:
- Remove an address from the block list
- Remove all addresses from the block list
- List currently blocked addresses and last seen time
- Save the current blocked address list as a script
- Disable the block list (removing the extra
iptablesrule - Customize the table name and/or chain used
Options, including the desired chain, should be specified in the configuration file.
ipblock -h for complete help
Download the latest ipblock-n.m.o-Release tarball and signature using
the tar.gz or tar.xz and .sig links at
GitHub.
- Do NOT use the Clone or download link on the main
ipblockpage. - Building or installing from source requires
lowdown
Verify and npack the tar.gz:
gpg --verify ipblock<n>.<m>-Release.tar.gz.sig && \
tar -xzf ipblock<n>.<m>-Release.tar.gz
This will create a subdirectory named ipblock-<version>.
cd to that directory.
make install
This will install ipblock in /usr/local/bin, which should be in your PATH
A man page will be installed in /usr/local/share/man.
You can install elsewhere by specifying a prefix, as in:
make prefix=/opt install
See Makefile for other options.
Select an iptables chain and specify it in ipblock.conf, which will be in /etc/default or /etc/sysconfig
To avoid locking yourself out, specify a chain that INPUT calls AFTER guard rules that protect your local network. E.g. in your standard rules, start with:
iptables -N BLOCKED
iptables -A -i lo -j ACCEPT
iptables -A INPUT -s mylan,trustedpublic -j ACCEPT
iptables -A INPUT -j BLOCKED
and in ipblock.conf
OPTIONS="-C BLOCKED"
Read the disclaimer before running the ipblock command.
If you didn't save the unpacked tarball directory, re-create it following the directions for Installation.
Then
cd to that directory.
make uninstall
If you selected a different installation directory, include the prefix, e.g.:
make prefix=/opt uninstall
If you are uninstalling due to a defect or concern, feel free to create a bug report.
Copyright (c) 2017, 2018, 2019, 2020, 2021, 2023 Timothe Litt
This is free software; the author disclaims all responsibility for its use, reliability and consequences.
The name of the author may not be used to endorse any product, but must be retained in the documentation and code. Any modifications must be clearly documented and attributed, and are the responsibility of their author.
This notice and the copyright statements must be retained in all copies (complete or partial) of this software and documentation. See LICENSE for details.
CAUTION: No checks are performed on the specified address; you can block systems on your local network, or even the local host itself.
Please raise bug reports or suggestions on the issues tracker.
Always include ipblock -V, ipblock -L, iptables -V, and ip6tables -V.
If there is any error or warning message, include the full terminal session.
Suggestions and/or praise are also welcome.