We can Block IP either by adding the suspicious IP to ‘/etc/hosts.deny’ file or alternatively adding a DROP rule for the suspicious IP to iptables INPUT chain.
Block IP using host.deny file
Open ‘/etc/hosts.deny’ file.
# vi /etc/hosts.deny
Append the following line at the bottom of the file with the IP address that you want to block access to FTP.
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
vsftpd:172.16.16.1
Block IP using iptables rule
To block FTP access to particular IP address, add the following drop rule to iptables INPUT chain.
iptables -A RH-Firewall-1-INPUT -p tcp -s 172.16.16.1 -m state --state NEW -m