I am getting bombarded with attempted hacks from China all with similar IPs.
How would I block the IP range with something like 116.10.191.* etc.?
I am running Ubuntu Server 13.10.
The current line I am using is:
sudo /sbin/iptables -A INPUT -s 116.10.191.207 -j DROP
This only lets me block each one at a time but the hackers are changing the IPs at every attempt.
Best Answer
To block 116.10.191.* addresses:
$ sudo iptables -A INPUT -s 116.10.191.0/24 -j DROP
To block 116.10.*.* addresses:
$ sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP
To block 116.*.*.* addresses:
$ sudo iptables -A INPUT -s 116.0.0.0/8 -j DROP
But be careful what you block using this method. You don't want to prevent legitimate traffic from reaching the host.
edit: as pointed out, iptables evaluates rules in sequential order. Rules higher in the ruleset are applied before rules lower in the ruleset. So if there's a rule higher in your ruleset that allows said traffic, then appending (iptables -A) the DROP rule will not produce the intended blocking result. In this case, insert (iptables -I) the rule either:
sudo iptables -I ...
sudo iptables --line-numbers -vnL
Say that shows rule number 3 allows ssh traffic and you want to block ssh for an IP range. -I takes an argument of an integer that's the location in your ruleset you want the new rule to be inserted:
iptables -I 2 ...
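The ordering problem described in the answer can be checked offline before touching the live ruleset. The following is an added example, not part of the original answer: it simulates first-match evaluation over saved `iptables -S INPUT` output and reports the rule number to pass to `iptables -I`. The sample ruleset and the function names are constructed for illustration, and only a few match options are modelled.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` output (sample, not from the original post):
# an ssh ACCEPT sits above a DROP that was appended with -A.
SAMPLE = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 116.10.191.0/24 -j DROP
"""

def parse_rules(text, chain="INPUT"):
    """Return [(number, tokens)], numbered the way --line-numbers shows them."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] == ["-A", chain]:
            rules.append((len(rules) + 1, tokens))
    return rules

def opt(tokens, *names):
    """Value following the first of `names` present in the rule, else None."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def first_match(rules, src, dport, proto="tcp"):
    """First rule a NEW inbound packet from a remote host hits: (number, target).
    Simplified: only -i lo, --ctstate, -s, -p and --dport are modelled; no '!'."""
    ip = ipaddress.ip_address(src)
    for num, t in rules:
        state, source = opt(t, "--ctstate"), opt(t, "-s", "--source")
        if opt(t, "-i", "--in-interface") == "lo":
            continue
        if state and "NEW" not in state.split(","):
            continue
        if source and ip not in ipaddress.ip_network(source, strict=False):
            continue
        if opt(t, "-p", "--protocol") not in (None, proto):
            continue
        if opt(t, "--dport") not in (None, str(dport)):
            continue
        return num, opt(t, "-j", "--jump")
    return None, "policy"

def insert_position(rules, src, dport):
    """Rule number for `iptables -I INPUT <n> ...` so the DROP is evaluated
    before the ACCEPT that currently wins; None if nothing shadows it."""
    num, target = first_match(rules, src, dport)
    return num if target == "ACCEPT" else None
```

With the sample ruleset, an ssh connection from 116.10.191.207 is accepted by rule 3 before the appended DROP at rule 4 is reached, so the DROP has to be inserted at position 3 or higher in the chain.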