To block connections from specific domains or IP addresses on your system, you can use various methods depending on your setup. Here are a few methods you can follow:
1. Blocking using UFW (Uncomplicated Firewall)
If you’re using UFW (commonly installed on Ubuntu and other Debian-based systems):
- Check if UFW is installed:
    sudo ufw status
- If UFW is not installed, install it:
    sudo apt-get install ufw
- Enable UFW:
    sudo ufw enable
- Block specific IP addresses or domains:
  You can block IP addresses by adding a rule for each one (ufw matches on addresses, so resolve a domain name to its IP first; the comments record the hostnames these addresses resolved to):
    sudo ufw deny from 222.142.102.36   # 13.171.broad.ha.dynamic.163data.com.cn
    sudo ufw deny from 125.43.76.252    # hn.kd.ny.adsl
- Check UFW status to ensure the rules have been added:
    sudo ufw status numbered
2. Using iptables
iptables is a more advanced tool for managing network traffic and is highly configurable. You can block IP addresses using the following steps:
- Block incoming traffic from the domain/IP:
  Assuming you’ve resolved the domain names to their IPs, use:
    sudo iptables -A INPUT -s <IP_address> -j DROP
  For example:
    sudo iptables -A INPUT -s 222.142.102.36 -j DROP
    sudo iptables -A INPUT -s 125.43.76.252 -j DROP
  On a host that runs UFW, the rules can instead be inserted into UFW’s own ufw-user-input chain and listed with line numbers:
    sudo iptables -I ufw-user-input 3 -s 170.64.182.116/24 -j DROP
    sudo iptables -L ufw-user-input --line-numbers
    Chain ufw-user-input (1 references)
    num  target  prot opt source                        destination
    1    DROP    all  --  hn.kd.ny.adsl                 anywhere
    2    DROP    all  --  hn.kd.ny.adsl                 anywhere
    3    DROP    all  --  1180675.cloudwaysapps.com/24  anywhere
    4    DROP    all  --  170.64.139.15                 anywhere
- To block IP addresses for Open??? specifically, you can modify rules for the tun0 interface (if that’s the interface used for Open???):
    sudo iptables -A INPUT -i tun0 -s <IP_address> -j DROP
- Make iptables rules persistent:
  After setting the rules, you’ll want them to be persistent across reboots:
    sudo apt-get install iptables-persistent
    sudo netfilter-persistent save
3. DNS-level Blocking
If you’re using dnsmasq or another DNS resolver, you can block connections by creating rules at the DNS level:
- Install dnsmasq:
    sudo apt-get install dnsmasq
- Edit the configuration file to block these domains:
  Add the following lines to /etc/dnsmasq.conf:
    address=/hn.kd.ny.adsl/0.0.0.0
    address=/13.171.broad.ha.dynamic.163data.com.cn/0.0.0.0
- Restart dnsmasq:
    sudo systemctl restart dnsmasq
4. Blocking at the Open??? level
You can also configure Open??? itself to block connections from these IP addresses:
- Edit your Open??? server configuration file (server.conf) to add:
    route 13.171.broad.ha.dynamic.163data.com.cn 255.255.255.255 net_gateway
    route hn.kd.ny.adsl 255.255.255.255 net_gateway
- Restart the Open??? service:
    sudo systemctl restart open???@server
These methods should help you block unwanted traffic from the specified domains or IP addresses. You may want to double-check the IPs resolved for the domain names using a DNS lookup tool.
How to validate?
To disable IP address-to-domain name conversion in iftop and display only IP addresses, you’re correct to use the -n option. Here’s the full command:
    sudo iftop -i enp1s0 -P -n
Explanation of the options:
- -i enp1s0: specifies the network interface (enp1s0) you want to monitor. Replace enp1s0 with the appropriate interface on your system (you can check your interface name using ip a).
- -P: shows ports along with the IP addresses.
- -n: prevents hostname resolution, so you’ll see the IP addresses (e.g., 125.43.76.252) rather than domain names like hn.kd.ny.adsl.
This way, you’ll get real-time network traffic showing only IP addresses, which can help you identify the connections more clearly without DNS resolution.
The port 1194 rules should go at the tail end of the ufw-user-input chain so that the packet passes through the other rules first, otherwise DROP rules do not take effect.
To move the two “DROP” rules to the beginning of the ufw-user-input chain, delete the current rules and re-add them at the top of the chain. Here’s how you can accomplish that:
Step 1: Delete the existing DROP rules
To delete the specific rules, you can use the rule numbers from the output of iptables -L --line-numbers or use the iptables-save format directly. First, list the rules with line numbers:
sudo iptables -L ufw-user-input --line-numbers
This will show the rules along with their corresponding line numbers.
Once you have identified the line numbers of the two DROP rules, you can delete them using:
sudo iptables -D ufw-user-input <line_number_of_222.142.102.36_drop_rule>
sudo iptables -D ufw-user-input <line_number_of_125.43.76.252_drop_rule>
For example, if the rules were on lines 10 and 11:
sudo iptables -D ufw-user-input 10
sudo iptables -D ufw-user-input 10
When you delete a rule by its line number, the subsequent rules shift up and their line numbers are adjusted accordingly. So, after deleting line 10, the original line 11 becomes the new line 10; that is why the command deletes line 10 twice (deleting the higher-numbered rule first would avoid the shift).
Step 2: Re-add the DROP rules to the beginning
Now, you can re-add the DROP rules at the top of the ufw-user-input
chain:
sudo iptables -I ufw-user-input 1 -s 222.142.102.36/32 -j DROP
sudo iptables -I ufw-user-input 2 -s 125.43.76.252/32 -j DROP
Step 3: Verify the order
Check if the rules are now at the top:
sudo iptables -L ufw-user-input --line-numbers
You should now see the DROP rules at the top, ensuring they take effect before the other rules.
Step 4: Save the rules (optional)
To make sure the changes persist across reboots, save the iptables rules:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'   # the redirect must run as root too, hence sh -c
# or, with the iptables-persistent package installed (sudo apt-get install iptables-persistent):
sudo netfilter-persistent save
This will ensure the changes persist.
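As an added example (not part of the original answer), the following script parses a constructed iptables -L ufw-user-input -n --line-numbers listing, finds the DROP rules for the given source addresses and emits the iptables -D commands highest number first, so the renumbering described in Step 1 cannot make a later delete hit the wrong rule. The SAMPLE_LISTING text is made up for the demonstration; the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample of "iptables -L ufw-user-input -n --line-numbers" output
# (not captured from a real host). -n keeps sources as IP addresses, so the
# match below does not depend on reverse DNS (compare the -n option of iftop).
SAMPLE_LISTING='Chain ufw-user-input (1 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194
2    DROP       all  --  222.142.102.36       0.0.0.0/0
3    DROP       all  --  125.43.76.252        0.0.0.0/0
4    DROP       all  --  170.64.139.15        0.0.0.0/0'

# drop_rule_numbers LISTING IP...
# Prints the rule numbers of DROP rules whose source is one of the IPs,
# highest number first. Deleting in that order never shifts a rule that
# still has to be deleted.
drop_rule_numbers() {
    listing=$1; shift
    for ip in "$@"; do
        printf '%s\n' "$listing" |
            awk -v ip="$ip" '$2 == "DROP" && $5 == ip { print $1 }'
    done | sort -rn
}

# build_delete_commands LISTING IP...
# Turns the rule numbers into the "iptables -D ufw-user-input <num>" commands
# from Step 1, already in a safe deletion order.
build_delete_commands() {
    drop_rule_numbers "$@" | while read -r num; do
        printf 'iptables -D ufw-user-input %s\n' "$num"
    done
}

# Usage: print the commands; review them before running them as root.
build_delete_commands "$SAMPLE_LISTING" 222.142.102.36 125.43.76.252
```

On a real host, replace SAMPLE_LISTING with the output of sudo iptables -L ufw-user-input -n --line-numbers; rules listed with a /24 source (like the 170.64.182.116/24 rule above) show up as a network such as 170.64.182.0/24 and must be matched by that form.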