Saturday, 8 February 2020

How to Block a Whole Sub Net using Routing Table in CentOS 8




The Linux routing table can block the incoming connection to prevent the Denial of Service (DoS) and save resource utilization. The Linux routing tables can used to block such IP addresses or whole sub net with reject route and null route.

This article describes How to Block a Specific IP Address using Routing Table in CentOS 8.

Block a Whole Sub net: Run the following command to block whole subnet:

[root@linuxcnf ~]# route add -net 192.168.50.0 netmask 255.255.255.0 reject
[root@linuxcnf ~]#

Verify the Changes: Run the following command to verify the changes:

[root@linuxcnf ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG    100    0        0 enp0s3
192.168.43.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
192.168.50.0    -               255.255.255.0   !     0      -        0 -
[root@linuxcnf ~]#

Remove Blocked Sub net: Run the following command to allow access for blocked subnet:

[root@linuxcnf ~]# route del -net 192.168.50.0 netmask 255.255.255.0 reject
[root@linuxcnf ~]#

Verify the Changes: Run the following command to verify the changes:

[root@linuxcnf ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG    100    0        0 enp0s3
192.168.43.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
[root@linuxcnf ~]#

Done!!! Whole sub nets can be blocked or unblocked using route command. Change sub net according to the environment.

No comments:

Post a Comment