❌How to Block Internet Connection Using IPTables Tools

Introduction

Iptables is a tool or application that functions as a firewall in the Linux operating system. With iptables, you can manage network traffic on the server such as allowing, blocking or skipping incoming and outgoing connections, managing ports and so on. Iptables is a firewall application that is used by default on various Linux distributions, especially on servers that do not use graphical control panels such as cPanel or Plesk Panel.

Iptables works by reading network traffic and comparing it with a set of rules that have been created. The rules are organized into tables, and each table holds ordered series of rules called chains. There are three main tables in Iptables, namely Filter, NAT and Mangle. In this article, we will focus on the Filter table because it is the one most often used when operating Linux servers.


Configuration

Debian 10-Server

Install Package

apt install proftpd -y

Change the contents of the proftpd file

nano /etc/proftpd/proftpd.conf

#DefaultRoot
*change to
DefaultRoot

Restart proftpd Service

/etc/init.d/proftpd restart

Check the service from the client browser by typing the URL: ftp://IP-Internet

Example : ftp://192.168.91.150


Configuration IPTables

Debian 10-Router

iptables 1

This rule blocks all packets originating from the IP pool 192.168.91.0/24.

iptables -A INPUT -s 192.168.91.0/24 -j DROP

iptables 2

This rule blocks all packets arriving on the Debian 10-Router's ens33 interface.

iptables -A INPUT -i ens33 -j DROP

iptables 3

This rule blocks all packets that will be sent to our local network, namely 11.1.25.0/24.

iptables -A OUTPUT -d 11.1.25.0/24 -j DROP

iptables 4

This rule blocks all packets that will be sent out through the Debian 10-Router's ens36 interface.

iptables -A OUTPUT -o ens36 -j DROP

iptables 5

Port 21

This rule blocks all packets sent to port 21 (FTP's default port) on the Debian 10-Router.

iptables -A INPUT -p tcp --dport 21 -j DROP

To check whether port 21 has been blocked, go to Windows-Client and browse to the Debian 10-Router's FTP service address:

ftp://11.1.25.254
*or
ftp://192.168.91.150

Port 22

This rule blocks all packets sent to port 22 (SSH's default port) on the Debian 10-Router.

iptables -A INPUT -p tcp --dport 22 -j DROP

To check whether port 22 has been blocked or not, you can check by going to Windows-Client then SSH using putty/cmd to the Debian 10-Router by doing

iptables 6

Block Ping

This rule blocks ping packets arriving on the Debian 10-Router's ens33 interface.

iptables -A INPUT -i ens33 -p icmp -j DROP

To check whether the firewall is blocking pings, go to Windows-Client and ping the Debian 10-Router's Internet IP:

ping 192.168.91.150
*make sure the result is "Request Time Out"

Reject Ping

This rule rejects ping packets arriving on the Debian 10-Router's ens33 interface.

iptables -A INPUT -i ens33 -p icmp -j REJECT

To check whether the firewall is rejecting pings, go to Windows-Client and ping the Debian 10-Router's Internet IP:

ping 192.168.91.150
*make sure the result is "Destination Port Unreachable"

Configuration is Completed

iptables -nvL
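
Every INPUT rule above is appended with -A, so if they are all loaded together they sit in one chain where the first matching rule decides the packet. The Python model below is an added example, not part of the original article and not iptables itself; it covers only the options used on this page, and the function names and sample packets are constructed for illustration.

```python
import ipaddress
import shlex

# The page's INPUT rules, in the order "-A" (append) stores them.
PAGE_RULES = [
    "-A INPUT -s 192.168.91.0/24 -j DROP",
    "-A INPUT -i ens33 -j DROP",
    "-A INPUT -p tcp --dport 21 -j DROP",
    "-A INPUT -p tcp --dport 22 -j DROP",
    "-A INPUT -i ens33 -p icmp -j DROP",
    "-A INPUT -i ens33 -p icmp -j REJECT",
]
# Only the options used on this page; anything else raises KeyError.
OPTIONS = {"-A": "chain", "-j": "target", "-s": "src",
           "-i": "in", "-p": "proto", "--dport": "dport"}

def parse_rule(line):
    """Turn '-A INPUT -p tcp ...' into {'chain': 'INPUT', 'proto': 'tcp', ...}."""
    tokens = shlex.split(line)
    return {OPTIONS[opt]: val for opt, val in zip(tokens[0::2], tokens[1::2])}

def field_matches(key, want, have):
    if have is None:            # e.g. --dport against an ICMP packet
        return False
    if key == "src":            # strict=False masks host bits like iptables
        return ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
    return str(have) == want

def evaluate(lines, pkt, chain="INPUT", policy="ACCEPT"):
    """Return (verdict, rule number); the first rule whose conditions all match decides."""
    for number, line in enumerate(lines, start=1):
        rule = parse_rule(line)
        conditions = {k: v for k, v in rule.items() if k not in ("chain", "target")}
        if rule["chain"] == chain and all(
                field_matches(k, v, pkt.get(k)) for k, v in conditions.items()):
            return rule["target"], number
    return policy, None

# Constructed sample packets (not captured traffic).
PING = {"in": "ens33", "src": "203.0.113.7", "proto": "icmp"}
FTP = {"in": "ens36", "src": "11.1.25.10", "proto": "tcp", "dport": 21}

if __name__ == "__main__":
    print(evaluate(PAGE_RULES, PING))       # decided by the blanket ens33 rule
    print(evaluate(PAGE_RULES[4:], PING))   # DROP appended before REJECT wins
    print(evaluate(PAGE_RULES[5:], PING))   # REJECT only once earlier rules are gone
    print(evaluate(PAGE_RULES, FTP))        # port 21 rule
```

The REJECT rule is reached only when the earlier DROP rules are absent, which is why the ping test can still show a timeout after adding it; on the router, `iptables -F INPUT` flushes the chain between exercises.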
