# Block access to port 80
iptables -A INPUT -p tcp --destination-port 80 -j DROP

# Block ping (this drops all incoming ICMP, not only echo requests)
iptables -A INPUT -p icmp -j DROP

# Block an IP
iptables -I INPUT -s 1.2.3.4 -j DROP

# Block outgoing traffic from IP 192.168.1.200
iptables -A OUTPUT -s 192.168.1.200 -j DROP

# Delete the rule that blocks the IP
iptables -D INPUT -s 1.2.3.4 -j DROP

# List the rules
iptables -L -n -v --line-numbers

https://www.cyberciti.biz/faq/linux-iptables-drop/
https://serverfault.com/questions/592061/block-range-of-ip-addresses

Make the rules persistent (by default they last only until reboot)

# To make iptables rules persistent across reboots, install the iptables-persistent package with apt:
sudo apt install iptables-persistent

# The currently active iptables rules are saved to the IPv4 and IPv6 files below:
#   /etc/iptables/rules.v4
#   /etc/iptables/rules.v6

# To update the persistent rules, first add the new rules to the running system with the iptables command.
# Then save them so they survive a reboot. The redirect has to run as root, so wrap it in sh -c:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
# For IPv6 rules:
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'

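To remove persistent iptables rules, open the relevant /etc/iptables/rules.v*
file and delete the lines containing the unwanted rules. Editing the file does not change the rules already loaded in the kernel; those stay active until they are deleted with iptables -D or the host reboots.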
https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux
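
The removal step described above, as an added example that is not from the original notes or the linked articles. The function names and the sample rules file are constructed for illustration; the script edits only a temporary file, and `iptables-restore --test` is the only iptables call it defines.

```shell
#!/bin/sh
# Added example, not from the original notes. All names here are illustrative.

# drop_saved_rule FILE RULE
# RULE is the line exactly as iptables-save writes it: a typed "-s 1.2.3.4"
# is saved as "-s 1.2.3.4/32", and rules inserted with -I are saved as -A.
# Prints the number of lines removed; returns 1 if nothing matched.
drop_saved_rule() {
    file=$1
    rule=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # -x whole line, -F fixed string: 1.2.3.4 must not also hit 11.2.3.40
    removed=$(grep -cxF -e "$rule" "$file" || true)
    if [ "$removed" -eq 0 ]; then
        echo 0
        return 1
    fi
    cp -p "$file" "$file.bak" || return 2
    # Rewrite in place so the owner and mode of the rules file stay the same.
    grep -vxF -e "$rule" "$file.bak" > "$file" || [ $? -eq 1 ] || return 2
    echo "$removed"
}

# check_saved_rules FILE: parse the file without loading it (needs root).
check_saved_rules() {
    iptables-restore --test < "$1"
}

# Constructed sample in iptables-save format, not taken from a real host.
make_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 1.2.3.4/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p icmp -j DROP
-A OUTPUT -s 192.168.1.200/32 -j DROP
COMMIT
EOF
}

sample=$(mktemp)
make_sample "$sample"
drop_saved_rule "$sample" "-A INPUT -s 1.2.3.4/32 -j DROP"   # prints 1
rm -f "$sample" "$sample.bak"
```

On a real host, run check_saved_rules against the edited /etc/iptables/rules.v4 as root before the next reboot, and copy the .bak file back if the parse fails.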