top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How would you block an IP which is acting malicious on your internal private VSFTP network?

+1 vote
398 views
How would you block an IP which is acting malicious on your internal private VSFTP network?
posted May 16, 2014 by Brijesh Talwar

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

We can Block IP either by adding the suspicious IP to ‘/etc/hosts.deny’ file or alternatively adding a DROP rule for the suspicious IP to iptables INPUT chain.

Block IP using host.deny file
Open ‘/etc/hosts.deny’ file.

    # vi /etc/hosts.deny

Append the following line at the bottom of the file with the IP address that you want to block access to FTP.

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
vsftpd:172.16.16.1

Block IP using iptables rule
To block FTP access to particular IP address, add the following drop rule to iptables INPUT chain.

iptables -A RH-Firewall-1-INPUT -p tcp -s 172.16.16.1 -m state --state NEW -m
answer May 19, 2014 by Kuldeep Apte
...