DDoS and suspicious attacks from source IP addresses can exhaust services and system resources. This tutorial show the commands to block IP address on common Linux Kernel Firewalls
Fire up a terminal and log on to the server by using SSH and then complete the steps for firewalld in the first chapter. The second chapter shows the commands for UFW, and the third shows using iptables.
Block IP address using Linux firewall
firewalld
is on RHEL 7 and later, CentOS 7, Fedora 18 and later.

To ensure that firewalld
is running on your server, run the following command. If firewalld
is not running, go to the iptables chapter.
$ sudo systemctl status firewalld
Run the following command to block the IP address using Linux Firewall and to add the rule to the permanent set:
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"
Run the following command to reload the firewalld
rules:
$ sudo firewall-cmd --reload
Run the following command to list and verify the new rule:
$ sudo firewall-cmd --list-all
Run the following command to remove a blocked IP address.
$ sudo firewall-cmd --remove-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"
Run the following command to verify the firewalld
is running.
$ firewall-cmd --state
Uncomplicated Firewall (UFW)
ufw
is available on Debian 6 and later, Ubuntu 8.04 LTS and later.
To ensure that ufw
is running on your server, run the following command. If ufw
is not running, go to the iptables chapter.
$ sudo systemctl status ufw
Run the following command to block the IP address:
$ sudo ufw deny from xxx.xxx.xxx.xxx to any
Run the following command to list and verify the new rule:
$ sudo ufw status
Run the following command to remove a blocked IP address.
$ sudo ufw delete 7
Run the following command to show numbered list of firewall rules.
$ ufw status numbered
Block IP addresses using Linux iptables chains
iptables
is commonly pre-installed on all Linux distributions.
Run the following command to block the IP address:
$ sudo iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP
Run the following command to save the settings. The settings persist after the server reboots.
$ sudo service iptables save
Run the following command to list and verify the new rule:
$ sudo iptables -vnL
Run the following command to delete a iptables chain.
$ sudo iptables -D INPUT 7
Run the following command to show numbered list of iptables chains.
$ sudo iptables -L --line-numbers
The next related post might also be helpful, see in Block suspicious IP with Linux firewall daemon.