
Blocking IPs

The firewall on the VPS is managed with iptables (ip6tables for IPv6).

How to block an IP address

The general form of a blocking rule is:

iptables -A <chain> -s <ip_address>/<subnet> [-p <protocol>] [-m <protocol>] [--dport <port>] -j <action> [...]

Where:

  • <chain> is the chain the rule is added to (see "Iptables chains" below); -A appends the rule at the end of the chain, -I inserts it at the top, and order matters because the first matching rule wins
  • <protocol> is tcp, udp or another IP protocol; -m <protocol> loads the matching extension so that --dport can be used
  • <port> is the destination port, if only connections to a specific port have to be blocked; without -p/--dport the whole address range is blocked for every protocol
  • <action> is REJECT (the sender gets an ICMP error or TCP reset back) or DROP (the packet is silently discarded, which gives scanners no feedback)

Warning

Remember to run

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

to save the current configuration permanently (these are the files that iptables-persistent restores at boot); otherwise the rules are lost at the next reboot!

Example

iptables -I DOCKER-USER -s 51.159.0.0/16 -p tcp -m tcp --dport 25565 -j REJECT --reject-with icmp-port-unreachable

Note the -I: Docker creates DOCKER-USER with a single unconditional "-j RETURN" rule, so a rule appended with -A lands after the RETURN and is never evaluated. Check with "iptables -S DOCKER-USER" that the new rule appears before the RETURN. DOCKER-USER also sees packets after Docker's DNAT, so --dport has to be the container's port, not the published host port, when the two differ (for a 25565:25565 mapping they are the same).
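The procedure above (build the rule, add it only once, choose -I for DOCKER-USER, save to the rules.v4/rules.v6 files) as a small POSIX shell helper. This is an added example, not a script from the page; it assumes root privileges, the iptables-persistent paths used above, and Docker's documented default of a trailing "-j RETURN" in DOCKER-USER. Function and variable names are ours.

```shell
#!/bin/sh
# Added example (not part of the original page): add an iptables block rule
# idempotently and persist it. Assumes root, iptables-persistent paths
# (/etc/iptables/rules.v4 and rules.v6) and Docker's default DOCKER-USER chain,
# which ends in an unconditional "-j RETURN".

# build_block_rule CHAIN CIDR ACTION [PROTO PORT]
# Prints the rule specification (everything after the chain name).
# ACTION is DROP or REJECT; PROTO/PORT are optional (omit to block everything).
build_block_rule() {
    chain=$1; cidr=$2; action=$3; proto=$4; port=$5
    spec="-s $cidr"
    if [ -n "$proto" ]; then
        # -m <proto> loads the match extension that provides --dport
        spec="$spec -p $proto -m $proto"
        [ -n "$port" ] && spec="$spec --dport $port"
    fi
    case "$action" in
        DROP)   spec="$spec -j DROP" ;;
        REJECT) spec="$spec -j REJECT --reject-with icmp-port-unreachable" ;;
        *)      echo "unknown action: $action (use DROP or REJECT)" >&2; return 1 ;;
    esac
    printf '%s\n' "$spec"
}

# insert_flag CHAIN
# DOCKER-USER ends with "-j RETURN", so an appended (-A) rule is never reached;
# insert (-I) at the top there, append everywhere else.
insert_flag() {
    case "$1" in
        DOCKER-USER) echo "-I" ;;
        *)           echo "-A" ;;
    esac
}

# block_ip CHAIN CIDR ACTION [PROTO PORT]
# Adds the rule only if it is not already present (iptables -C), then saves.
# Uses ip6tables when the address contains ':'.
block_ip() {
    chain=$1; cidr=$2
    spec=$(build_block_rule "$@") || return 1
    case "$cidr" in
        *:*) ipt=ip6tables; rules=/etc/iptables/rules.v6 ;;
        *)   ipt=iptables;  rules=/etc/iptables/rules.v4 ;;
    esac
    # $spec is intentionally unquoted so it splits into separate arguments
    if $ipt -C "$chain" $spec 2>/dev/null; then
        echo "rule already present in $chain: $spec"
    else
        $ipt "$(insert_flag "$chain")" "$chain" $spec || return 1
        echo "added to $chain: $spec"
    fi
    # Persist, otherwise the rule is gone after the next reboot.
    "${ipt}-save" > "$rules"
}

# Usage (needs root), reproducing the page's example but with DROP as in the table:
#   block_ip DOCKER-USER 51.159.0.0/16 DROP tcp 25565
#   block_ip INPUT 176.65.0.0/16 DROP
```

The `-C` check makes the helper safe to re-run from a script or cron job without stacking duplicate rules; the only chain-specific logic is the -I/-A choice, which is exactly the trap the example above falls into.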

Iptables chains

In iptables, chains are ordered lists of rules that a packet traverses from first to last; which chains a packet passes through depends on whether it is addressed to the host, generated by the host, or routed through it.

  • INPUT: rules for incoming traffic addressed to the VPS itself (services listening on the host)
  • OUTPUT: rules for outgoing traffic generated by the VPS
  • DOCKER-USER: a chain that Docker calls from FORWARD before its own rules, so it applies to all traffic forwarded to or from the docker networks (published container ports included); it is the place for custom rules, because Docker never rewrites it

Warning

Traffic to and from containers is forwarded, not delivered to the host, so it never traverses the INPUT/OUTPUT chains: a rule in INPUT does not protect a port published by a container. Such traffic goes through FORWARD and therefore DOCKER-USER, which is why the blocks below live there.
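Because DOCKER-USER ends in a RETURN, it is worth auditing the chain for rules that sit after it and are therefore dead. The check below is an added example, not from the page: it reads the output of "iptables -S <chain>" on stdin and prints every rule placed after the RETURN. The sample chain dumps are constructed to mirror what the page's example produces when added with -A versus -I.

```shell
#!/bin/sh
# Added example (not part of the original page): find rules shadowed by the
# unconditional "-j RETURN" that Docker places in DOCKER-USER.
# Input: the output of `iptables -S <chain>` on stdin.
# Output: each rule that comes after the RETURN; exit status 1 if any exist.

# shadowed_rules [CHAIN]   (default DOCKER-USER)
shadowed_rules() {
    chain=${1:-DOCKER-USER}
    awk -v chain="$chain" '
        $0 == "-A " chain " -j RETURN"            { seen_return = 1; next }
        index($0, "-A " chain " ") == 1 && seen_return { print; dead++ }
        END { if (dead > 0) exit 1 }
    '
}

# Constructed sample: the page example added with -A lands AFTER the RETURN.
SAMPLE_DEAD='-N DOCKER-USER
-A DOCKER-USER -j RETURN
-A DOCKER-USER -s 51.159.0.0/16 -p tcp -m tcp --dport 25565 -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: the same rule inserted with -I comes BEFORE the RETURN.
SAMPLE_OK='-N DOCKER-USER
-A DOCKER-USER -s 51.159.0.0/16 -p tcp -m tcp --dport 25565 -j DROP
-A DOCKER-USER -j RETURN'

# Live usage (needs root):
#   iptables -S DOCKER-USER | shadowed_rules || echo "dead rules found, re-add them with -I"
```

If the check reports a rule, delete it with "iptables -D DOCKER-USER <spec>" and re-add it with -I, then save the rules again as described in the warning above.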

Blocked IP

IP version  IP subnet       chain        port   protocol  action  reason
IPv4        51.159.0.0/16   DOCKER-USER  25565  TCP       DROP    scanner/botnet
IPv4        176.65.0.0/16   DOCKER-USER  25565  TCP       DROP    scanner/botnet