I’ve been doing this several different ways over the past few years, but I’ve found this works the best for banning an IP address. Remember, if you see a weird domain in netstat you can resolve the IP using traceroute.
A simple script (/usr/bin/ban) that I can use to ban IP addresses quickly and easily.
#!/bin/bash
iptables -I INPUT -s $1 -j DROP
echo $1 was banned
If you wished to make an ‘unban’ script, use the same script and replace -I with -D