
Since I do not have access to other layers, I would like to know the most efficient way to block an IP address from connecting to an Ubuntu 18.04 server. To the box itself, they are most likely connecting to port 80. However, I would like to block access across all ports for this IP address.

I am aware of adding a record in iptables. By most efficient I mean the least number of layers the packet goes through, in the sense that blocking with iptables happens before blocking with an Apache config on the webserver itself.

Are there any other better ways?

Thanks

Dan
    `route add THEIPADDRESS 127.0.0.1` will mean they never get any packets accepted and therefore cannot connect. – Jenny D Apr 10 '19 at 12:20

1 Answer


In general, earlier denial means less load and potentially malicious traffic reaches your compute.

A network level firewall prevents packets from reaching the host.

A host level firewall prevents packets from reaching applications.

An application layer access list does not prevent the connection, but may deny servicing the request. If you know you don't want a given address or port, a firewall rule is more efficient.

John Mahowald
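As an added illustration of the host-firewall layer described in the answer (this is example code written for this page, not the answerer's), the script below blocks a single source address on every port. It inserts the DROP in the raw table's PREROUTING chain, which netfilter evaluates before connection tracking and before the filter table's INPUT and FORWARD chains, so the packet is discarded as early as the host can discard it. The address 203.0.113.7 and the file name block_ip.sh are assumptions chosen for the example; the script prints the rules by default and only applies them when asked, so the rule text can be reviewed (and checked) without root.

```shell
#!/bin/sh
# Added example: drop all traffic from one source address with iptables,
# placed in the raw table so the drop happens before conntrack and before
# the filter table. Address 203.0.113.7 is a documentation-range placeholder.
set -eu

# Print the command needed to block the address given in $1 on every port.
# Output is emitted rather than executed so it can be reviewed first.
block_ip_cmds() {
    ip="$1"
    case "$ip" in
        "" | *[[:space:]]*)
            echo "block_ip_cmds: invalid address '$ip'" >&2
            return 1
            ;;
        *:*) tool=ip6tables ;;   # IPv6 literal
        *)   tool=iptables  ;;   # IPv4 literal or CIDR
    esac
    # -I places the rule at the top of the chain. raw/PREROUTING runs before
    # connection tracking, so no conntrack entry is created and the packet never
    # reaches filter/INPUT (local delivery) or filter/FORWARD (routed traffic).
    printf '%s -t raw -I PREROUTING -s %s -j DROP\n' "$tool" "$ip"
}

# Apply the printed rule(s). Requires root. On Ubuntu 18.04 the rules are not
# persistent across reboots unless saved, e.g. with the netfilter-persistent
# package (`netfilter-persistent save`).
block_ip() {
    block_ip_cmds "$1" | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

# Show the raw PREROUTING chain with packet counters so you can confirm the
# rule is first and that hits from the blocked address are being counted.
show_raw_counters() {
    iptables -t raw -L PREROUTING -v -n -x --line-numbers
}

# Usage:
#   sh block_ip.sh 203.0.113.7           # print the rule only
#   sudo sh block_ip.sh --apply 203.0.113.7   # insert the rule
case "${1-}" in
    --apply) block_ip "${2-}"; show_raw_counters ;;
    "")      ;;   # no arguments: define the functions and do nothing
    *)       block_ip_cmds "$1" ;;
esac
```

The application-layer alternative the answer contrasts this with would be an Apache directive such as `Require not ip 203.0.113.7`; by that point the TCP handshake has already completed and Apache has already accepted the connection, which is exactly the work the raw-table rule avoids. If the host sits behind a network firewall you control, the same drop belongs there instead, one layer earlier still.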