Ban an IP using IP Tables

I’ve been doing this several different ways over the past few years, but I’ve found this works the best for banning an IP address. Remember, if you see a weird domain in netstat you can resolve the IP using traceroute.

This is a simple script (/usr/bin/ban) that I can use to ban IP addresses quickly and easily.

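#!/bin/bash
# Usage: ban <ip> (run as root). Inserts a DROP rule at the top of the INPUT chain.
[ -n "$1" ] || { echo "usage: $0 <ip>" >&2; exit 1; }
iptables -I INPUT -s "$1" -j DROP && echo "$1 was banned"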

To make an ‘unban’ script, use the same script and replace -I with -D, which deletes the matching rule instead of inserting it.
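
A hardened take on the ban script and its unban counterpart described above, as an added example that is not the original author's code: it accepts only a single dotted-quad IPv4 address, uses iptables -C to skip a ban that already exists, and removes every copy of the rule on unban. The function names and the overridable IPTABLES variable are assumptions of this example.

```bash
#!/bin/bash
# Added example: validated, idempotent ban/unban around iptables (run as root).
IPTABLES=${IPTABLES:-iptables}   # assumption: overridable so a stub can stand in for tests

# Succeeds only for a dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
valid_ipv4() {
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}          # text before the first dot
        rest=${rest#*.}            # everything after it
        case "$octet" in
            ''|0?*|????*|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

ban() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    # -C checks for an identical rule, so repeated bans do not stack duplicates
    if $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "$1 is already banned"; return 0
    fi
    $IPTABLES -I INPUT -s "$1" -j DROP && echo "$1 was banned"
}

unban() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    removed=0
    # -D deletes one matching rule per call, so loop until -C finds none left
    while $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; do
        $IPTABLES -D INPUT -s "$1" -j DROP || return 1
        removed=$((removed + 1))
    done
    echo "$1 unbanned, $removed rule(s) removed"
}

# Dispatch: "<script> ban 203.0.113.7" or "<script> unban 203.0.113.7"
case "${1:-}" in
    ban|unban) "$@" ;;
esac
```

Rules added this way live only in the running kernel tables and are gone after a reboot unless they are saved separately.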