I have to do with Linux firewall iptables quite rarely, that’s why I never remember commands I need. I’m going to list them here as they will come on my way.
List rules with line numbers:
iptables -L --line-numbers
Deny all acces from IP, in case of DDOS or Auth-attack:
iptables -A INPUT -s 220.127.116.11 -j DROP
Remove rule by line number:
iptables -D INPUT 2
Blocking visitors by Country
Get list from http://www.ip2location.com/free/visitor-blocker
Create file containing ip ranges list, like block-china.txt.
Use IPset to simplify rules.
ipset create blacklist hash:net
Importing IP addresses from list file:
while read line; do ipset add blacklist $line; done < block-china.txt
Check set by listing a content:
ipset list blacklist
Deny all access from blacklist:
iptables -I INPUT -m set --match-set blacklist src -j DROP