How to set up Firewall / Security via Iptables

In this article, I will show you how to enable a firewall on your Linux machine and how to use it to block any malicious IP address and make your server more secure. So let's get started.

What is a Firewall

Now you may be wondering what a firewall is. According to Wikipedia, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

So basically, a firewall is a security system that monitors your incoming and outgoing traffic and either blocks or allows each IP address based on its security rules. Now that we know a firewall consists of security rules, we need to know how to add a new rule and how to block or allow an IP address on our server.

How to Do it in CentOS 6

CentOS is a Linux distribution that provides a free, community-supported computing platform functionally compatible with its upstream source, Red Hat Enterprise Linux. It is very popular and is used as the default operating system with WHM/cPanel, so a lot of people use CentOS without even knowing it through their WHM/cPanel system. Amazon Linux 1 is also a CentOS 6 based operating system, so it's important to know how we can enable a firewall in CentOS 6 and secure our server.

First of all, we need to install iptables if it is not already installed on your CentOS 6 system. To install iptables on your server, run the following command:

sudo yum install iptables -y

Now that the setup is done, we need to create security rules for allowing and blocking IP addresses. To block an IP address, run the following commands; they append rules to the INPUT chain that drop TCP traffic from that source to ports 80 (HTTP) and 443 (HTTPS):

sudo iptables -A INPUT -s 192.168.1.3/32 -p tcp --destination-port 80 -j DROP
sudo iptables -A INPUT -s 192.168.1.3/32 -p tcp --destination-port 443 -j DROP

I have written a shell script which you can use to block multiple IPs all at once. Let me share it with you.

#!/bin/bash
# Blocklist file: one IP address (or CIDR range) per line
input="/var/www/blacklist/malware.txt"
while IFS= read -r line || [ -n "$line" ]
do
  # Skip blank lines so an empty -s argument is never passed to iptables
  [ -z "$line" ] && continue
  # Delete first so re-running the script never adds duplicate rules
  sudo iptables -D INPUT -s "$line" -p tcp --destination-port 80 -j DROP 2>/dev/null
  sudo iptables -D INPUT -s "$line" -p tcp --destination-port 443 -j DROP 2>/dev/null
  sudo iptables -A INPUT -s "$line" -p tcp --destination-port 80 -j DROP
  sudo iptables -A INPUT -s "$line" -p tcp --destination-port 443 -j DROP
done < "$input"

sudo service iptables save

So, this is the code, which you need to paste into a .sh file. After that, place the malware.txt file, with one IP address per line, in the folder “/var/www/blacklist”. Once the file is in place, run the .sh file and all the IP addresses listed in “malware.txt” will be added to your firewall blocklist.
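A hardened variant of the same blocklist loader, added here as an example and not the article's script: it validates every line as an IPv4 address or CIDR before it reaches iptables, and rebuilds a dedicated BLOCKLIST chain on each run instead of deleting and re-appending rules in INPUT one line at a time. It assumes iptables 1.4.x as shipped with CentOS 6 (so no -C check), IPv4-only entries, and a file format of my own with optional '#' comments and blank lines.

```shell
#!/bin/sh
# Added example, not the article's script: rebuild a dedicated BLOCKLIST chain
# from the article's /var/www/blacklist/malware.txt instead of -D/-A per line.
# Assumes iptables 1.4.x (CentOS 6), IPv4-only entries, one address or CIDR
# per line; '#' comments and blank lines are my addition, not the article's.

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a malformed or
# tampered blocklist line never reaches iptables (or the shell) as an argument.
is_valid_ipv4() {
  local ip="$1" prefix="" octet oldifs
  case "$ip" in ''|*[!0-9./]*) return 1 ;; esac
  case "$ip" in
    */*) prefix="${ip#*/}"; ip="${ip%%/*}"
         case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
         [ "$prefix" -le 32 ] || return 1 ;;
  esac
  oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Rebuild BLOCKLIST from file $2 using iptables command $1 ("sudo iptables" on
# a real host, "echo" for a dry run). Prints the rules, then the loaded count.
load_blocklist() {
  local ipt="$1" file="$2" line loaded=0 port
  $ipt -N BLOCKLIST 2>/dev/null || true   # no-op if the chain already exists
  $ipt -F BLOCKLIST                       # stale entries go without per-line -D
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%%#*}"                          # strip trailing comment
    line="${line#"${line%%[![:space:]]*}"}"     # trim leading whitespace
    line="${line%"${line##*[![:space:]]}"}"     # trim trailing whitespace and \r
    [ -z "$line" ] && continue
    if is_valid_ipv4 "$line"; then
      for port in 80 443; do   # the same ports the article blocks
        $ipt -A BLOCKLIST -s "$line" -p tcp --dport "$port" -j DROP
      done
      loaded=$((loaded + 1))
    else
      echo "skipping invalid blocklist entry: $line" >&2
    fi
  done < "$file"
  # Evaluate BLOCKLIST first in INPUT; -D before -I keeps one jump across runs.
  $ipt -D INPUT -j BLOCKLIST 2>/dev/null || true
  $ipt -I INPUT -j BLOCKLIST
  echo "$loaded"
}
```

On a real host you would call load_blocklist "sudo iptables" /var/www/blacklist/malware.txt and then run sudo service iptables save as in the article; calling it with echo instead of sudo iptables prints the rules without changing anything.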

Conclusion

I hope this helps you secure your server by blocking malicious IP addresses. If you are interested in more security tips like this, please view my other articles here.

Atiqur Rahman

I am MD. Atiqur Rahman. I graduated from BUET and am an AWS-certified solutions architect. I have successfully achieved 6 certifications from AWS, including Cloud Practitioner, Solutions Architect, SysOps Administrator, and Developer Associate. I have more than 8 years of working experience as a DevOps engineer designing complex SaaS applications.
