Q: I am seeing multiple access attempts in the log files from an IP address that is not one of mine. How do I block them?
A: To block an IP address you can use iptables, the built-in Linux firewall. First log in to the shell as root, then run the commands below.
Make sure iptables starts at boot:
# chkconfig iptables on
Then make sure iptables is currently running.
# service iptables start
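Then clear any existing rules, assuming you have none you want to keep; otherwise skip this step. Chain names and targets are case-sensitive, and the rules are flushed before the user-defined chains are deleted, because a chain that is still referenced cannot be removed.
# iptables -P INPUT ACCEPT
# iptables -F
# iptables -X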
Then block the offending IP address:
# iptables -A INPUT -s xx.xx.xx.xx -j DROP
Where xx.xx.xx.xx is the IP address you want to block.
You can now verify what rules are currently running by entering the following:
# iptables -L
Now save the current iptables rule(s) so they are loaded again after reboot:
# service iptables save
To block more IP addresses or add other rules, repeat the steps above but skip iptables -F, which clears all pre-existing rules.
If you are using firewalld, the syntax for blocking IPs is as follows:
# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=xx.xx.xx.xx reject"
# firewall-cmd --reload
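As an added example (not part of the original answer): a POSIX shell helper that validates the address and checks it against an allowlist of your own hosts before printing the block command for either firewall, so a typo or a mis-copied log entry cannot lock you out. The function names, the ALLOWLIST variable and its sample addresses are assumptions made for illustration; the iptables form uses -I INPUT 1 instead of -A so the rule is evaluated before any existing ACCEPT rule.

```shell
#!/bin/sh
# Added example: prints the block command for review; it never changes the firewall itself.

# Constructed sample: your own addresses, which must never be blocked.
ALLOWLIST="${ALLOWLIST:-127.0.0.1 192.0.2.10}"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;             # too long, or leading zero (octal to some parsers)
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_cmd BACKEND IP prints the command(s); BACKEND is "iptables" or "firewalld".
# Returns 1 for a malformed address, 2 for an allowlisted one, 3 for an unknown backend.
block_cmd() {
    backend=$1; ip=$2
    if ! is_valid_ipv4 "$ip"; then
        echo "refusing: '$ip' is not a valid IPv4 address" >&2; return 1
    fi
    for safe in $ALLOWLIST; do
        if [ "$ip" = "$safe" ]; then
            echo "refusing: $ip is on the allowlist" >&2; return 2
        fi
    done
    case "$backend" in
        iptables)
            # -I INPUT 1 puts the rule first, so an earlier ACCEPT cannot shadow it.
            echo "iptables -I INPUT 1 -s $ip -j DROP" ;;
        firewalld)
            echo "firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source address=$ip reject\""
            echo "firewall-cmd --reload" ;;
        *)  echo "unknown backend: $backend" >&2; return 3 ;;
    esac
}
```

Review the printed command, run it as root, and for the iptables form follow it with service iptables save as described above.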