-2

I'm trying to block a specific IP using IPTables. When I use the following shell command (Xs to hide the actual IP):

```
iptables -A INPUT -s XXX.XXX.XXX.XXX/32 -j DROP
```

I get the following line added to IPTables:

```
DROP       all  --  XXX-XXX-XXX-XXX.dhcp.trcy.mi.charter.com  anywhere
```

What's going on here? Why is it appearing like that? It doesn't look right at all.

My set up is a Raspberry Pi connected to my home router, connected to the internet.

MadHatter
hojkoff
    Whilst I think this question is off-topic for SF, try listing your rules with `iptables -L -n -v` - you may find it easier to identify the rule you have just added if you disable DNS reverse-resolution in the listing. – MadHatter Mar 19 '17 at 14:08

2 Answers

1

iptables, like many other network tools, does a reverse DNS lookup on IP addresses by default. So, this means that the string shown in the host part is the DNS name for the IP address you are trying to block.

On another note, you are blocking a single address in an ISP's DHCP pool. This isn't effective, since IP addresses for users who get their addresses via DHCP will change over time. So, once the user of this IP gets a new address, another one will later get this address and the new user is blocked.

Tero Kilkanen
-3

I think I stumbled upon this issue in the past, and I have no idea why, but a script helped. In general, you have another line here that you didn't include, to block both incoming and outgoing traffic.

Try creating a file with IP addresses inside for those you wish to block, then try to write a script to use the file; maybe that would work.

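```
# File with one IP address per line; lines starting with # are comments
BLOCKDB=/root/ip.block
# Read every line that is not a comment
BIPS=$(grep -Ev "^#" "$BLOCKDB")
for i in $BIPS
do
    # Drop traffic coming from and going to each listed address
    iptables -A INPUT -s "$i" -j DROP
    iptables -A OUTPUT -d "$i" -j DROP
done
```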
Pixel
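A hardened take on the blocklist-file idea from the answer above, as an added example that is not part of either answer: it validates each entry as a literal IPv4 address or CIDR and prints idempotent rules as a dry run. The function names and the blocklist file format are assumptions.

```shell
#!/bin/sh
# Added example, not from the answers. Function names and the blocklist format
# (one IPv4 address or CIDR per line, # comments) are assumptions.

# Succeed only for a literal IPv4 address with an optional /0-32 prefix.
# iptables -s also accepts hostnames (resolved once, when the rule is added),
# so anything that is not a literal address is rejected.
is_ipv4() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print an idempotent DROP rule for each valid entry in blocklist file $1.
# -C tests whether the rule exists, so repeated runs do not append duplicates.
emit_rules() {
    while read -r entry rest || [ -n "$entry" ]; do
        entry=${entry%%#*}              # drop comments
        [ -n "$entry" ] || continue     # blank or comment-only line
        if is_ipv4 "$entry"; then
            echo "iptables -C INPUT -s $entry -j DROP 2>/dev/null || iptables -A INPUT -s $entry -j DROP"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done < "$1"
}

# Constructed sample blocklist (documentation address ranges, not real hosts).
sample_blocklist() {
    printf '%s\n' '# constructed sample' '192.0.2.10' '198.51.100.0/24  # range' \
        '' '999.1.1.1' 'host.example.com' '203.0.113.7/33'
}

tmp=$(mktemp)
sample_blocklist > "$tmp"
emit_rules "$tmp"      # dry run: prints commands, changes nothing
rm -f "$tmp"
# After applying, list with: iptables -L INPUT -n -v   (-n skips reverse DNS)
```

Review the printed commands, then pipe them to `sh` as root to apply them.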