Block an Attacker's IP Address With Null Routes on Linux

Someone might attack your Linux (CentOS or Red Hat) based system. You can drop the attacker's IP addresses using iptables. However, you can also use the route or ip command to null route unwanted traffic. A null route (also called a blackhole route) is a network route or kernel routing table entry that goes nowhere.

The act of using null routes is often called blackhole filtering.

 

Null route an IP using the route command

Suppose that the bad IP is 65.21.34.4. Type the following command at the shell:
# route add 65.21.34.4 gw 127.0.0.1 lo

 

You can verify it with the following command:
# netstat -nr

 

To drop the entire subnet 192.67.16.0/24, type:
# route add -net 192.67.16.0/24 gw 127.0.0.1 lo

 

How do I remove null routing? How do I remove a blocked IP address?

Simply use the route delete command as follows:
# route delete 65.21.34.4

OR
# route del -host 65.21.34.4 reject

 

Or use the ip command to delete a route:
# ip route delete 1.2.3.0/26 dev eth0

Or, to reject instead of blackhole (though with a blackhole they sit and wait for a response, which is a further annoyance to the slammer):

# route add 65.21.34.4 reject
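
The ip command is mentioned above as an alternative but only its delete form is shown. As an added example (not from the original page), this POSIX shell helper validates a target and prints the matching iproute2 null-route command as a dry run. The function names, the /8 minimum prefix and the SSH_CLIENT lockout check are assumptions of this example.

```shell
#!/bin/sh
# Added example: print (dry run) the iproute2 command that null-routes a target.
# nullroute_cmd returns 2 = bad input, 3 = host bits set, 4 = lockout guard.

# ip_to_int ADDR: print ADDR as a 32-bit integer; fail unless strict dotted quad.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# nullroute_cmd TARGET [TYPE]: TARGET is ADDR or ADDR/LEN. TYPE is blackhole
# (silent drop, default) or unreachable (ICMP error, like "route ... reject").
nullroute_cmd() {
    nr_type=${2:-blackhole}
    case "$nr_type" in blackhole|unreachable) ;; *) return 2 ;; esac
    case "$1" in
        */*) nr_addr=${1%%/*}; nr_len=${1#*/} ;;
        *)   nr_addr=$1; nr_len=32 ;;
    esac
    case "$nr_len" in ''|*[!0-9]*|???*) return 2 ;; esac
    # Assumed policy: nothing wider than /8, so a typo cannot drop 0.0.0.0/0.
    [ "$nr_len" -ge 8 ] && [ "$nr_len" -le 32 ] || return 2
    nr_ip=$(ip_to_int "$nr_addr") || return 2
    nr_mask=$(( (0xFFFFFFFF << (32 - nr_len)) & 0xFFFFFFFF ))
    # The kernel refuses a prefix whose host bits are set (e.g. x.x.x.4/26).
    [ $(( nr_ip & ~nr_mask & 0xFFFFFFFF )) -eq 0 ] || return 3
    # Lockout guards: loopback, and the peer of the current SSH session.
    [ $(( nr_ip >> 24 )) -ne 127 ] || return 4
    nr_peer=${SSH_CLIENT:-}; nr_peer=${nr_peer%% *}
    if nr_me=$(ip_to_int "$nr_peer"); then
        [ $(( nr_me & nr_mask )) -ne "$nr_ip" ] || return 4
    fi
    echo "ip route add $nr_type $nr_addr/$nr_len"
}

# Dry run over the page's two example targets; nothing is changed on the system.
for t in 65.21.34.4 192.67.16.0/24; do nullroute_cmd "$t"; done
```

Routes added this way show up in `ip route show` with the type as the first word, and the same target with `ip route del` removes them.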