From time to time I find myself having to go through man pages and googling for some simple iptable rules. This post is meant as a cheatsheet for me, so I can concentrate here various rules and remarks.
I hope others will benefit from this cheatsheet as well. Intend to expand it over time as I gather more rules and tips, so bookmarking the post might be a good idea. Last but not least, if you have some useful iptables rules I’ve missed please send them using the comments.
Blocking specific IPs
iptables -I INPUT -s "184.108.40.206" -j DROP
Blocking a range of IPs (IP block)
iptables -I INPUT -s "220.127.116.11/24" -j DROP
The number after the slash (/) determines the number of bits (starting with the most significant one) considered when matching an IP address. For example the above rule will block any packets from 207.58.140.* . Other useful number of bits are 16 (for matching the first two octets) and 8 (only the first octet).
Just specify the rule after a
-D flag. E.g.
iptables -D INPUT -s "18.104.22.168" -j DROP
Saving new rules