How to DROP or BLOCK an IP with route command?

Post by chandranjoy » Sun Sep 05, 2010 3:23 pm

How do I drop or block an attacker's IP with null routes?

Someone might attack your system. You can drop the attacker's IP using iptables. However, you can also use the route command to null route unwanted traffic. A null route (also called a blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.

You can null route an IP (as ISPs sometimes do) to prevent your network device from sending any data to a remote system, stopping various attacks coming from a single IP (read: spammers or hackers):

Null route an IP using the route command

Suppose the bad IP is 65.21.34.4; type the following command at the shell:
# route add 65.21.34.4 gw 127.0.0.1 lo


You can verify it with the following command:
# netstat -nr


OR
# route -n


You can also use the reject target (thanks to Gabriele):
# route add -host IP-ADDRESS reject
# route add -host 64.1.2.3 reject


To confirm the null routing status, use the ip command as follows:
# ip route get 64.1.2.3


Output:
RTNETLINK answers: Network is unreachable

Drop the entire subnet 192.67.16.0/24:
# route add -net 192.67.16.0/24 gw 127.0.0.1 lo


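You can also use the ip command to null route a network or IP. The prefix must be written with its network address (host bits zero), otherwise ip rejects it. Enter:
# ip route add blackhole 202.54.5.0/29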
# route -n


How do I remove null routing? How do I remove a blocked IP address?
Simply use the route delete command:
# route delete 65.21.34.4


This is cool, as you do not have to play with iptables rules.


Cheers :)
chandranjoy
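
An added example, not part of the original post: a shell helper that validates each entry and normalises it to its network address before building the `ip route add blackhole` command, because `ip route` refuses a prefix with host bits set and a mistyped wide prefix such as 0.0.0.0/0 would blackhole all traffic. The function names and the `MIN_PREFIX` limit are assumptions for illustration; the script only prints the commands and assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example (not from the post): validate entries before null-routing them.
# ip2int, canon_prefix, nullroute_cmd and MIN_PREFIX are hypothetical names.

MIN_PREFIX=8   # assumption: refuse anything wider than a /8

# Print a dotted-quad IPv4 address as an integer; return 1 if it is malformed.
ip2int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    n=0
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( $n * 256 + $o ))
    done
    echo "$n"
}

# Print "network/prefix" with host bits cleared; return 1 if invalid or unsafe.
canon_prefix() {
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    n=$(ip2int "${1%%/*}") || return 1
    [ $(( $n >> 24 )) -ne 127 ] || return 1      # never blackhole loopback
    net=$(( $n & (4294967295 << (32 - $len)) & 4294967295 ))
    echo "$(( $net >> 24 & 255 )).$(( $net >> 16 & 255 )).$(( $net >> 8 & 255 )).$(( $net & 255 ))/$len"
}

# Print the command that would null route the entry (nothing is executed).
nullroute_cmd() {
    p=$(canon_prefix "$1") || { echo "skip invalid or unsafe entry: $1" >&2; return 1; }
    echo "ip route add blackhole $p"
}

# Constructed sample input: addresses from the post plus two bad entries.
for entry in 65.21.34.4 202.54.5.2/29 192.67.16.0/24 0.0.0.0/0 64.1.2.300; do
    nullroute_cmd "$entry" || true
done
```

Review the printed commands, then run them as root; routes added this way do not survive a reboot.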