Knowing how to Whitelist and Blacklist IPs in your firewall can be very important when you want to allow or deny connection to your server, based on an IP address. Below we will cover how to allow and deny connections from IPs in IP Tables, Firewalld, and UFW.<\/p>\n
IPTables:
\nAllowing or Denying connections from IPs in IP Tables is quite simple. To accept the connection, or whitelist the IP, you would use the following command (where 1.1.1.1 is the IP you want to allow through the Firewall):<\/p>\n
\n# sudo iptables -A INPUT -s 1.1.1.1 -j ACCEPT\n<\/pre>\nDenying the IP is very similar, just changing ACCEPT to DROP:<\/p>\n
\n# sudo iptables -A INPUT -s 1.1.1.1 -j DROP\n<\/pre>\nYou can also change DROP or REJECT if you want your server to respond back to the request with a Rejection instead of just dropping the traffic all together.<\/p>\n
Firewalld:
\nTo whitelist IPs on Firewall-CMD, we’ll want to use the –add-source flag. We can whitelist an IP or an IP Subnets via the following commands:<\/p>\n\n# firewall-cmd --permanent --zone=public --add-source=1.1.1.1\n<\/pre>\nRange:<\/p>\n
\n# firewall-cmd --permanent --zone=public --add-source=1.1.0.0\/16\n<\/pre>\nBlocking an IP is a bit difficult, as it requires a more complex command. The command that you would want to use to block traffic from an IP would be:<\/p>\n
\n# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.1.1 reject"\n<\/pre>\nRange:<\/p>\n
\n# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.0.0\/16 reject"\n<\/pre>\nWe can also view all of the whitelisted IPs in our zone via:<\/p>\n
\n# firewall-cmd --permanent --zone=public --list-sources\n<\/pre>\nUFW:
\nAllowing and blocking IPs in UFW is very simple and straight forward. We can allow connections from a specific IP via the following command:<\/p>\n\n# sudo ufw allow from 22.33.44.55\n<\/pre>\nBlocking and IP is just as simple, with the following command:<\/p>\n
\n# sudo ufw deny from 22.33.44.55\n<\/pre>\n","protected":false},"excerpt":{"rendered":"Knowing how to Whitelist and Blacklist IPs in your firewall can be very important when you want to allow or deny connection to your server, based on an IP address. Below we will cover how to allow and deny connections from IPs in IP Tables, Firewalld, and UFW. IPTables: Allowing or Denying connections from IPs … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,52],"tags":[],"class_list":["post-4222","post","type-post","status-publish","format-standard","hentry","category-administration","category-iptables"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/4222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=4222"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/4222\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=4222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=4222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=4222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}