How do I block attackers IP with null routes ?
Written by tag Tuesday, 13 August 2013 19:58
Nullroute IP using route command
Suppose that bad IP is 123.123.123.123, type following command at shell:
# route add 123.123.123.123 gw 127.0.0.1 lo
You can verify it with following command:
# netstat -nr
OR
# route -n
You can also use reject target:
# route add -host IP-ADDRESS reject # route add -host 123.123.123.123 reject
To confirm the null routing status, use ip command as follows:
# ip route get 123.123.123.123
Output:
RTNETLINK answers: Network is unreachable
Drop entire subnet 192.67.16.0/24:
# route add -net 192.67.16.0/24 gw 127.0.0.1 lo
You can also use the ip command to null route network or ip, enter:
# ip route add blackhole 123.123.123.123/29 # route -n
How do I remove null routing? How do I remove a blocked IP address?
Simple use the router delete command,
# route delete 123.123.123.123
