How to Block Specific IPs Using iptables on Debian 12 Bookworm

Learn how to block specific IPs using iptables on a Debian 12 system.

Introduction

iptables is a powerful command-line firewall utility in Linux systems, including Debian 12 Bookworm. It enables system administrators to manage incoming and outgoing network traffic effectively. One of the common use cases of iptables is blocking specific IP addresses to enhance system security or prevent unwanted traffic.

This guide will walk you through the steps of blocking specific IP addresses using iptables on a Debian 12 system. We will cover basic iptables commands, how to permanently save rules, and additional security measures.

Prerequisites

Before proceeding, ensure that you:

  • Have root or sudo access to the Debian 12 system.
  • Have iptables installed (it is included by default in most Debian installations).
  • Understand basic Linux command-line operations.

Checking iptables Installation

To verify if iptables is installed on your system, run:

sudo iptables --version

If iptables is missing, you can install it using:

sudo apt update && sudo apt install iptables -y

Blocking a Specific IP Address

To block a specific IP address, use the following command:

sudo iptables -A INPUT -s <IP_ADDRESS> -j DROP

For example, to block the IP 192.168.1.100, run:

sudo iptables -A INPUT -s 192.168.1.100 -j DROP

Explanation

  • -A INPUT: Appends the rule to the end of the INPUT chain (incoming traffic). Rules are evaluated in order, so a DROP appended below an existing ACCEPT that already matches the same traffic never fires; when the chain already contains ACCEPT rules, insert the block at the top with -I INPUT 1 instead.
  • -s 192.168.1.100: Specifies the source IP address to be blocked.
  • -j DROP: Drops packets from the specified IP silently, without sending any response (unlike REJECT, which returns an error to the sender).

Blocking a Range of IP Addresses

To block an entire subnet, use:

sudo iptables -A INPUT -s 192.168.1.0/24 -j DROP

This blocks all IPs from 192.168.1.0 to 192.168.1.255.

Blocking an IP for a Specific Port

If you want to block an IP from accessing a specific port, such as SSH (port 22), use:

sudo iptables -A INPUT -s 192.168.1.100 -p tcp --dport 22 -j DROP

This prevents the IP 192.168.1.100 from connecting to SSH on port 22 while leaving its traffic to other ports unaffected.

Verifying iptables Rules

After adding rules, verify them by running:

sudo iptables -L -v

This lists all rules in the filter table along with packet and byte counters. Add -n to print addresses and ports numerically; without it, iptables performs a reverse DNS lookup for every address, which can make the listing very slow.

Deleting a Rule

If you need to remove a rule, first find its line number (numbers are counted per chain and are renumbered after every deletion, so list again before deleting a second rule):

sudo iptables -L --line-numbers

Then delete the rule using:

sudo iptables -D INPUT <LINE_NUMBER>

Alternatively, remove a specific rule by repeating its exact specification (-D deletes only the first matching rule, so repeat the command if the same rule was added more than once):

sudo iptables -D INPUT -s 192.168.1.100 -j DROP
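
The commands above work well one at a time, but blocking a list of addresses by hand invites two mistakes: duplicate rules (each -A adds another copy) and a DROP appended below an ACCEPT that already lets the traffic in. The script below is an added example, not part of the original article, and ties the blocking and deleting sections together: it keeps blocked sources in a dedicated chain hooked at the top of INPUT, checks with -C before adding, and validates every address before it reaches iptables. The chain name BLOCKLIST and the APPLY and @FILE conventions are this script's own assumptions; the iptables options used (-N, -C, -I, -A, -D) are standard.

```shell
#!/bin/sh
# Added example (not from the article): manage blocked sources idempotently.
# Without APPLY=1 the script only prints the commands it would run, so it can
# be reviewed as an unprivileged user; with APPLY=1 it must run as root.
set -euf

CHAIN="${CHAIN:-BLOCKLIST}"   # this script's own chain name (assumption)
APPLY="${APPLY:-0}"

# Accept a dotted-quad IPv4 address with an optional /prefix; reject anything else.
valid_ipv4_cidr() {
    case "$1" in
        */*) ip="${1%/*}"; prefix="${1#*/}" ;;
        *)   ip="$1"; prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.; set -- $ip; IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rule specification for one source, optionally limited to one TCP port.
rule_spec() {
    if [ -n "${2:-}" ]; then
        printf '%s' "-s $1 -p tcp --dport $2 -j DROP"
    else
        printf '%s' "-s $1 -j DROP"
    fi
}

# Create the chain once and hook it as INPUT rule 1, ahead of any ACCEPT rule
# that could otherwise match the blocked traffic first.
ensure_chain() {
    if [ "$APPLY" = 1 ]; then
        iptables -N "$CHAIN" 2>/dev/null || true
        iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT 1 -j "$CHAIN"
    else
        echo "iptables -N $CHAIN 2>/dev/null || true"
        echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -I INPUT 1 -j $CHAIN"
    fi
}

# Add the rule only when -C (check) reports that it is absent.
add_block() {
    spec=$(rule_spec "$1" "${2:-}")
    if [ "$APPLY" = 1 ]; then
        iptables -C "$CHAIN" $spec 2>/dev/null || iptables -A "$CHAIN" $spec
    else
        echo "iptables -C $CHAIN $spec 2>/dev/null || iptables -A $CHAIN $spec"
    fi
}

# -D removes one matching rule per call; loop until -C no longer finds it, so
# duplicates left behind by earlier manual -A commands are removed as well.
remove_block() {
    spec=$(rule_spec "$1" "${2:-}")
    if [ "$APPLY" = 1 ]; then
        while iptables -C "$CHAIN" $spec 2>/dev/null; do iptables -D "$CHAIN" $spec; done
    else
        echo "while iptables -C $CHAIN $spec 2>/dev/null; do iptables -D $CHAIN $spec; done"
    fi
}

# Block every entry in a file (one address or CIDR per line, # comments allowed).
# Invalid lines are reported and skipped rather than handed to iptables.
block_from_file() {
    added=0; skipped=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$entry" ] || continue
        if valid_ipv4_cidr "$entry"; then
            add_block "$entry" "${2:-}"; added=$((added + 1))
        else
            echo "skipping invalid entry: $line" >&2; skipped=$((skipped + 1))
        fi
    done < "$1"
    echo "$added rule(s) processed, $skipped line(s) skipped" >&2
}

# Usage: [APPLY=1] ./block_ips.sh [-p PORT] ADDR|@FILE ...
main() {
    port=""
    if [ "$1" = "-p" ]; then port="$2"; shift 2; fi
    ensure_chain
    for target in "$@"; do
        case "$target" in
            @*) block_from_file "${target#@}" "$port" ;;
            *)  valid_ipv4_cidr "$target" || { echo "invalid address: $target" >&2; return 1; }
                add_block "$target" "$port" ;;
        esac
    done
}
[ $# -eq 0 ] || main "$@"
```

Run it once without APPLY to read the commands it would issue, then as root with APPLY=1 to apply them; `sudo iptables -L BLOCKLIST -n -v` shows the resulting chain, and the rules are saved for reboot exactly like any other (see the next section).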

Saving iptables Rules Permanently

iptables rules live only in kernel memory and are lost at reboot unless saved. To make them persist:

  1. Install the iptables-persistent package (during installation it asks whether to save the rules currently loaded):

    sudo apt install iptables-persistent -y

  2. Save the current rules:

    sudo netfilter-persistent save

  3. Reload the saved rules by hand (the netfilter-persistent service also loads them automatically at boot):

    sudo netfilter-persistent reload

Alternatively, save the rules manually. The redirection has to run with root privileges too, otherwise the shell cannot write to /etc/iptables (a directory created by the iptables-persistent package; create it first if that package is not installed):

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Note that iptables handles IPv4 only: a rule added with iptables does nothing for the same host's IPv6 traffic, which is governed by ip6tables and saved separately to /etc/iptables/rules.v6.

To restore the rules on boot, add the following line to /etc/rc.local (if available; Debian 12 does not ship rc.local by default, and when iptables-persistent is installed its service already restores rules.v4 at boot, so this step is then unnecessary):

iptables-restore < /etc/iptables/rules.v4
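
A saved rules file is also the easiest place to audit a firewall, since it can be inspected without touching the live ruleset. The script below is an added example, not part of the original article: it parses a file in the format iptables-save writes, lists every rule that drops or rejects a specific source, flags DROP rules that sit below an unrestricted ACCEPT in the same chain (the ordering problem noted under -A above), and checks that every table block ends with COMMIT so that iptables-restore will accept it. The sample ruleset it writes is constructed for the demonstration; note that iptables-save normalises a plain address such as 192.168.1.100 to 192.168.1.100/32.

```shell
#!/bin/sh
# Added example (not from the article): audit a rules.v4 file offline.

# Write a constructed sample ruleset (iptables-save format) to the given path.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BLOCKLIST - [0:0]
-A INPUT -j BLOCKLIST
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 22 -j DROP
-A BLOCKLIST -s 192.168.1.100/32 -j DROP
-A BLOCKLIST -s 192.168.1.0/24 -j DROP
COMMIT
EOF
}

# List every rule that drops or rejects a specific source: CHAIN SOURCE PORT TARGET.
list_blocks() {
    awk '
    /^-A / {
        chain = $2; src = ""; port = "any"; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (src != "" && (target == "DROP" || target == "REJECT"))
            print chain, src, port, target
    }' "$1"
}

# Report DROP rules for a source that come after an ACCEPT in the same chain
# which can match the same traffic first. An ACCEPT counts as unrestricted when
# it has no -s and no connection-state match: an ESTABLISHED accept never sees a
# new connection from the blocked source, so it does not shadow the drop.
find_shadowed() {
    awk '
    /^-A / {
        chain = $2; src = ""; port = "any"; target = ""; state = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
        }
        if (target == "ACCEPT" && src == "" && state == "") {
            n[chain]++; accept_port[chain, n[chain]] = port
        } else if (src != "" && target == "DROP") {
            for (k = 1; k <= n[chain]; k++) {
                ap = accept_port[chain, k]
                if (ap == "any" || port == "any" || ap == port) {
                    printf "%s %s %s shadowed by earlier ACCEPT on port %s\n", chain, src, port, ap
                    break
                }
            }
        }
    }' "$1"
}

# iptables-restore rejects a table block that is not closed by COMMIT.
check_commit() {
    awk '
    /^\*/      { open = 1 }
    /^COMMIT$/ { open = 0 }
    END        { exit open }' "$1"
}

# Usage: ./audit_rules.sh /etc/iptables/rules.v4
[ $# -eq 0 ] || { list_blocks "$1"; find_shadowed "$1"; check_commit "$1"; }
```

On the constructed sample the audit reports the port-22 DROP for 203.0.113.7 as shadowed by the ACCEPT above it, which is exactly the case where a blocked address can still log in; the BLOCKLIST entries are safe because the jump to that chain is the first INPUT rule.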

Additional Security Measures

Rate Limiting Connections

To limit new SSH connections from a single IP (drop further connection attempts once an address has opened 10 new connections within 60 seconds):

sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Blocking Suspicious Traffic

To drop invalid packets:

sudo iptables -A INPUT -m state --state INVALID -j DROP

To block ping (ICMP echo) requests:

sudo iptables -A INPUT -p icmp -j DROP

Be aware that this rule drops every ICMP type, not only echo requests: messages such as destination-unreachable and fragmentation-needed are dropped too, which breaks path MTU discovery and delays connection failures. Restrict the rule with --icmp-type echo-request if the goal is only to stop the host answering ping.
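
The measures in this section only behave as intended when the rules are in the right order: replies to the host's own connections must be accepted before anything is rate-limited or dropped, the blocklist must come first, and the ICMP rule should target echo requests alone. The script below is an added example, not part of the original article; it writes one complete file in the format iptables-save produces, ready to be loaded with iptables-restore or saved as /etc/iptables/rules.v4 for the persistence setup described above. The chain name BLOCKLIST, the recent-list name SSH, the 1/s ping limit with a burst of 4, the 192.168.1.100 entry and the default INPUT policy of ACCEPT (kept so that the file does not lock anyone out) are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the article): compose the article's hardening rules
# into one iptables-restore file, in an order that makes each rule effective.
write_hardening_rules() {
    out="$1"; ssh_port="${2:-22}"
    cat > "$out" <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BLOCKLIST - [0:0]
# 1. Blocked sources first, so no later ACCEPT can let them through.
-A INPUT -j BLOCKLIST
# 2. Loopback and replies to our own connections: never rate-limited or dropped.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# 3. Packets that belong to no known connection.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# 4. SSH: record every new connection, drop the source once it reaches 10 in 60 s.
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -m recent --set --name SSH
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 --name SSH -j DROP
# 5. Ping: answer a trickle of echo requests and drop the rest; other ICMP types
#    (destination-unreachable, fragmentation-needed) keep flowing.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
# Blocklist entries (example address from the article).
-A BLOCKLIST -s 192.168.1.100 -j DROP
COMMIT
EOF
}

# Usage: ./hardening_rules.sh /tmp/rules.v4 [SSH_PORT]
[ $# -eq 0 ] || write_hardening_rules "$@"
```

Review the generated file, then parse it without loading it using `sudo iptables-restore --test < /tmp/rules.v4`; once it is correct, copy it to /etc/iptables/rules.v4 and run `sudo netfilter-persistent reload`. Because iptables-restore replaces the whole filter table, any rules added by hand and not present in the file are gone after the reload.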

Conclusion

Blocking specific IP addresses using iptables on Debian 12 is a crucial step in securing your server. By following this guide, you can effectively manage unwanted network traffic and protect your system. Remember to save your iptables rules to ensure they persist across reboots and to regularly audit your firewall rules to keep your system secure.

Would you like to explore more advanced firewall configurations? Let us know in the comments!