Best way to block IPs completely from Linode?

I am wondering what the best way to block certain IPs from a Linode would be.

Would it be best to install a full firewall product? My main concern is something like iptables seems to need a custom kernel, and I do not know anything about UML or the way the kernel works in a UML environment.

I am very comfortable re-compiling kernels on normal boxes, but I am not sure how this would affect a Linode.

Anyone have any suggestions?

8 Replies

iptables doesn't need a custom kernel. It's true that iptables is controlled from kernel options, but most kernels - including the standard ones on Linode - enable it by default.

I'm not quite sure how to use it myself, but I can tell you that it's enabled and works - at least on my Linode, and I haven't done anything special with iptables.

Hmm, I tried to emerge iptables in Gentoo on my Linode, but it would not compile because it could not access the kernel source.

Any ideas? I could emerge one of the various kernel sources, but I would wonder if it is different than the actual kernel being used on the Linode.

iptables comes by default because it is required by the kernel to run (I think it does on my home box), so try that. I use webmin to edit my iptables rules.

@Crisis:

> I am wondering what the best way to block certain IPs from a Linode would be.

If you already know which IPs you want to block, put the IPs in /etc/hosts.deny (ALL: aaa.bbb.ccc.ddd).

Will /etc/hosts.deny block all traffic from those IPs (TCP, UDP, ICMP, etc.)?

@Crisis:

> Hmm, I tried to emerge iptables in Gentoo on my Linode, but it would not compile because it could not access the kernel source.

Lame bug in Gentoo. From another Linode user: "One work-around is to comment out the check_KV function in the iptables build."

All it wants is version.h…

-Chris

Thanks, I got it installed and have been able to add rules to block IPs ;)

@Crisis:

> Will /etc/hosts.deny block all traffic from those IPs (TCP, UDP, ICMP, etc.)?

man hosts_access
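
An added example, not part of any post in this thread: /etc/hosts.deny is only consulted by services built with TCP wrappers (libwrap or tcpd), while an iptables DROP rule on the INPUT chain discards every packet from the source regardless of protocol. The sketch below turns a blocklist into idempotent iptables commands and prints them for review; the function names, the use of the INPUT chain and the sample addresses (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build iptables DROP rules from a blocklist (dry run: prints only).

# valid_ipv4 ADDR -> exit 0 only for a strict dotted quad, each octet 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (input is digits/dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero or 4+ digits
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules: read one address per line on stdin ('#' starts a comment) and
# print one command per valid address. 'iptables -C' checks whether the rule
# already exists, so re-running the output does not stack duplicate rules.
block_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        addr=${line%%#*}                                  # strip comment
        addr=$(printf '%s' "$addr" | tr -d ' \t\r')       # strip whitespace
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -I INPUT -s %s -j DROP\n' \
                "$addr" "$addr"
        else
            # Rejecting bad entries matters because the output is meant for a root shell.
            printf 'skipped invalid entry: %s\n' "$addr" >&2
        fi
    done
}

# Constructed sample blocklist; the last two entries are deliberately invalid.
SAMPLE='192.0.2.10
198.51.100.7   # repeated login failures
999.1.1.1
203.0.113.5;echo oops
'
printf '%s' "$SAMPLE" | block_rules
```

After reviewing the printed commands, pipe them to `sh` as root to apply them; the rules last until reboot unless saved with the distribution's own mechanism.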
