1、封锁单个IP: iptables -I INPUT -s IP -j DROP(-I 将规则插入链首,因此会先于链中已有的规则匹配)
[root@node1 ~]# iptables -I INPUT -s 192.168.1.11 -j DROP
[root@node1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.1.11 anywhere
2、解封单个IP:iptables -D INPUT -s IP -d IP -j ACCEPT(注意:-D 只删除与所给参数完全匹配的那条规则;要解除上面添加的封锁,匹配条件和目标必须与添加时一致,即如下例使用 -s IP -j DROP)
[root@node1 ~]# iptables -D INPUT -s 192.168.1.11 -j DROP # 解封IP: 192.168.1.11
[root@node1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
二、封ip段
1、封IP段: 从123.0.0.1到123.255.255.254的命令
[root@node1 ~]# iptables -I INPUT -s 123.0.0.0/8 -j DROP
[root@node1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 123.0.0.0/8 anywhere
2、封IP段: 从123.45.0.1到123.45.255.254的命令
[root@node1 ~]# iptables -I INPUT -s 123.45.0.0/16 -j DROP
[root@node1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 123.45.0.0/16 anywhere
DROP all -- 123.0.0.0/8 anywhere
3、封IP段:从123.45.6.1到123.45.6.254的命令是
[root@node1 ~]# iptables -I INPUT -s 123.45.6.0/24 -j DROP
[root@node1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 123.45.6.0/24 anywhere
DROP all -- 123.45.0.0/16 anywhere
DROP all -- 123.0.0.0/8 anywhere
[root@node1 ~]# iptables -F # 清空 filter 表中所有链的全部规则(不仅是上面添加的封锁规则),默认策略不受影响
[root@node1 ~]# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
[root@node1 ~]#