There are a few different ways to block an IP address in Debian / Ubuntu. This article describes one of them: null routing the address with the route command's reject option.

Temporarily Block An IP Address

Use the following command to temporarily block an IP address. To permanently block an IP address, see the section “Permanently Block an IP Address” below.

/sbin/route add -host 192.168.1.100 reject

Replace 192.168.1.100 with the IP address that you would like to block.

Block An IP Subnet

Use the following command to block an IP subnet.

/sbin/route add -net 192.168.1.0/24 reject

Unblock An IP Address

Use the following command to unblock an IP address.

/sbin/route del -host 192.168.1.100 reject

– or –

/sbin/route delete 192.168.1.100

Replace 192.168.1.100 with the IP address that you would like to unblock.

List Blocked IP Addresses

If you need to see a list of the IPs currently blocked via route, use the command below.

/sbin/route -n

– or –

netstat -nr

Note: Not everything listed using the above command is a blocked IP address.
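
To pull only the blocked entries out of that listing, the following added example (not part of the original article) filters route -n output for rows whose Flags column contains "!", the flag route uses for reject routes. The function names and the sample routing table are constructed for illustration.

```sh
#!/bin/sh
# Added example: show only the reject (null) routes from `route -n` output.
# Live usage on a server:  /sbin/route -n | blocked_routes

# Reads `route -n` output on stdin and prints each rejected destination
# as address/prefix, one per line.
blocked_routes() {
    awk '
        # Data rows have 8 columns and column 4 is Flags. A "!" there marks
        # a reject route; rows flagged U, UG, UH are ordinary routes.
        NF == 8 && $4 ~ /!/ {
            # Convert the Genmask column (e.g. 255.255.255.0) to a prefix
            # length by counting the set bits in each octet.
            n = split($3, octet, ".")
            bits = 0
            for (i = 1; i <= n; i++) {
                o = octet[i] + 0
                while (o > 0) { bits += o % 2; o = int(o / 2) }
            }
            print $1 "/" bits
        }
    '
}

# Returns success if the address/prefix given as $1 appears as a reject
# route in the `route -n` output supplied on stdin.
is_blocked() {
    blocked_routes | grep -qxF "$1"
}

# Constructed sample of `route -n` output (documentation addresses) with one
# blocked host, one blocked subnet and two ordinary routes.
sample_route_output() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
203.0.113.7     -               255.255.255.255 !H    0      -        0 -
198.51.100.0    -               255.255.255.0   !     0      -        0 -
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
EOF
}

# Demo on the constructed sample: prints the two blocked entries.
sample_route_output | blocked_routes
```

A block added with -host shows up as a /32 entry, and one added with -net shows up with the prefix length of its netmask.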

Permanently Block an IP Address

With the method above, the reject route is lost once your server is rebooted. To fix this we need to place two lines in the /etc/network/interfaces file.

vi /etc/network/interfaces

Find the interface you are using (e.g. eth0, eth1, bond0, etc.), and add this to the end of the section. Don’t forget to put the actual IP address that needs to be blocked in place of 192.168.1.100.

up route add -host 192.168.1.100 reject
down route del -host 192.168.1.100 reject

Restart the networking daemon.

service networking restart

Permanently Block an IP Subnet

vi /etc/network/interfaces

Find the interface you are using (e.g. eth0, eth1, bond0, etc.), and add this to the end of the section. Don’t forget to put the actual IP address and subnet that need to be blocked in place of 192.168.1.0/24.

up route add -net 192.168.1.0/24 reject
down route del -net 192.168.1.0/24 reject

Restart the networking daemon.

service networking restart






