Defense
Block IP addresses in Linux with iptables
Use iptables and ipset to create a blacklist and block one or more IP addresses on Linux. This guide will explain how to use and configure blacklists.
Summary
Most system administrators will already be familiar with iptables. It is around for quite a while and is enabled by default within the Linux kernel. We can use iptables to block one, multiple IP addresses, or even full networks. This may come in handy when you get repeating port scans or see failed login attempts in your log files. Time to get started and block some IP addresses!
Check existing iptables configuration
The first step is to validate existing iptables rules. We will use an empty ruleset for test purposes.