After an attack is detected from a particular IP address, you can use the following iptables rules as a network layer response that falls into the filtering category. These rules are added to the INPUT, OUTPUT, and FORWARD chains; they block all communications (regardless of protocol or ports) to or from the IP address 144.202.X.X:
[iptablesfw]# iptables -I INPUT 1 -s 144.202.X.X -j DROP
[iptablesfw]# iptables -I OUTPUT 1 -d 144.202.X.X -j DROP
[iptablesfw]# iptables -I FORWARD 1 -s 144.202.X.X -j DROP
[iptablesfw]# iptables -I FORWARD 1 -d 144.202.X.X -j DROP
There are two rules in the FORWARD chain to block packets that originate from 144.202.X.X (-s 144.202.X.X) as well as responses from internal systems that are destined for 144.202.X.X (-d 144.202.X.X). If you use iptables as your network sentry, then the above rules provide an effective network choke point against the 144.202.X.X address.
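The four rules above as an idempotent script, added here as an example that is not part of the original text: it validates the address, uses `iptables -C` to skip rules that already exist, and can remove the block again. The names `IPT`, `BLOCK_RULES`, `valid_ipv4`, `apply_block`, `remove_block` and the script name in the usage comment are this example's own assumptions.

```shell
#!/bin/sh
# Added example: idempotent block/unblock of one IPv4 address on INPUT, OUTPUT and FORWARD.
# IPT, BLOCK_RULES and the function names are assumptions of this example.
IPT=${IPT:-iptables}
# chain:match pairs, the same four rules as in the text.
BLOCK_RULES="INPUT:-s OUTPUT:-d FORWARD:-s FORWARD:-d"

# Accept only a literal dotted-quad address, so nothing else reaches iptables.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

apply_block() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    for rule in $BLOCK_RULES; do
        chain=${rule%%:*}; match=${rule#*:}
        # -C succeeds when the rule already exists; insert at position 1 only if missing.
        "$IPT" -C "$chain" "$match" "$1" -j DROP 2>/dev/null ||
            "$IPT" -I "$chain" 1 "$match" "$1" -j DROP || return 1
    done
}

remove_block() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    for rule in $BLOCK_RULES; do
        chain=${rule%%:*}; match=${rule#*:}
        # Delete every copy, in case the rule was inserted more than once by hand.
        while "$IPT" -C "$chain" "$match" "$1" -j DROP 2>/dev/null; do
            "$IPT" -D "$chain" "$match" "$1" -j DROP || return 1
        done
    done
}

# Usage (as root): block-ip.sh block|unblock ADDRESS
# With no arguments the script only defines the functions.
case "${1:-}" in
    block)   apply_block "${2:-}" ;;
    unblock) remove_block "${2:-}" ;;
esac
```

Because `-I ... 1` places the DROP rules at the top of each chain, they are evaluated before any existing ACCEPT rules.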