Many of us use iptables to block an IP address, but the route command is another option for blocking an IP address if you do not wish to use iptables.
You can use the route command to null route unwanted traffic. A null route (also called a blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, so the route acts as a very limited firewall. Using null routes this way is often called blackhole filtering.
Blocking an IP using route command
For example, if you are receiving spam emails or a large number of connections from a single IP address, 72.22.1.5, you can use the route command to block this IP address by directing it to a null route. The format is as follows:
# route add 72.22.1.5 gw 127.0.0.1 lo
You can verify the result by using the following commands:
Alternatively, you can use the reject target:
# route add -host 72.22.1.5 reject
To confirm that the routing is working, you can use the ip command as follows:
Output:
RTNETLINK answers: Network is unreachable
You can drop the entire subnet 192.168.1.0/24 using the following command:
# route add -net 192.168.1.0/24 gw 127.0.0.1 lo
You can also use the ip command to null route a single IP address or an entire network:
# ip route add blackhole 192.168.1.0/24
# ip route add blackhole 72.22.1.5
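The route and ip commands above only add entries; they do not tell you which addresses are actually being discarded once several host, subnet and normal routes overlap. The following added example (my own code, not part of the original post) parses the output of "ip route show" and applies the kernel's longest-prefix-match rule to answer that, treating blackhole, unreachable and prohibit entries, as well as the "gw 127.0.0.1 lo" entries created by the route command, as null routes. It also builds the matching "ip route add/del blackhole" command for the removal step. The routing table text is a constructed sample, and the exact wording of each line is an assumption about how ip(8) prints such entries.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Route types that discard matching packets. "throw" is deliberately left out:
# it only falls through to the next routing table and does not drop anything.
NULL_KINDS = {"blackhole", "unreachable", "prohibit"}


@dataclass
class Route:
    kind: str                        # blackhole / unreachable / prohibit / throw / loopback-gw / unicast
    network: ipaddress.IPv4Network   # destination prefix (hosts become /32)
    raw: str                         # original line, kept for reporting

    @property
    def drops_traffic(self) -> bool:
        # "route add X gw 127.0.0.1 lo" shows up as "X via 127.0.0.1 dev lo" and is a null route too.
        return self.kind in NULL_KINDS or self.kind == "loopback-gw"


def parse_routes(text: str) -> List[Route]:
    """Parse 'ip route show' style output into Route entries."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] in NULL_KINDS or tokens[0] == "throw":
            kind, dest = tokens[0], tokens[1]
        else:
            dest, kind = tokens[0], "unicast"
            if "via" in tokens and tokens[tokens.index("via") + 1] == "127.0.0.1":
                kind = "loopback-gw"
        if dest == "default":
            dest = "0.0.0.0/0"
        routes.append(Route(kind, ipaddress.ip_network(dest, strict=False), line))
    return routes


def lookup(ip: str, routes: List[Route]) -> Optional[Route]:
    """Longest-prefix match, the same rule the kernel applies when forwarding."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network.prefixlen)


def is_null_routed(ip: str, routes: List[Route]) -> bool:
    """True when the winning route for ip discards packets."""
    match = lookup(ip, routes)
    return match is not None and match.drops_traffic


def blackhole_commands(target: str, routes: List[Route], remove: bool = False) -> List[str]:
    """Build the ip(8) command that adds or removes a blackhole for target (host or CIDR).
    The add is skipped when an identical blackhole already exists; the delete is
    skipped when there is nothing to delete, so the output is safe to re-run."""
    net = ipaddress.ip_network(target, strict=False)
    exists = any(r.kind == "blackhole" and r.network == net for r in routes)
    if remove:
        return [f"ip route del blackhole {net.with_prefixlen}"] if exists else []
    return [] if exists else [f"ip route add blackhole {net.with_prefixlen}"]


# Constructed sample of 'ip route show' output (not captured from a real host).
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
blackhole 72.22.1.5
unreachable 203.0.113.9 scope host
192.168.1.0/24 via 127.0.0.1 dev lo
192.168.1.10 dev eth0 scope link
"""

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for probe in ("72.22.1.5", "203.0.113.9", "192.168.1.77", "192.168.1.10", "8.8.8.8"):
        hit = lookup(probe, table)
        print(f"{probe:15} null-routed={is_null_routed(probe, table)!s:5} via: {hit.raw if hit else '(no route)'}")
    print(blackhole_commands("72.22.1.5", table, remove=True))
```

Note the 192.168.1.10 case: a more specific normal route wins over the /24 null route, so blackholing a subnet does not guarantee every host in it is dropped. Checking with this kind of lookup, or with "ip route get", catches that before you rely on the block.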
Removing / deleting null routing
You can use the route command to delete the routing:
This can considerably reduce your reliance on iptables.