sudo route add xxx.xxx.xxx.xxx gw 127.0.0.1 lo

Drop or block attackers IP with null routes

Someone might attack on your system. You can drop attacker IP using IPtables. However, you can use route command to null route unwanted traffic. A null route (also called as blackhole route) is a network route or kernel routing table entry that goes nowhere. Matching packets are dropped (ignored) rather than forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.
Sample Output
sudo route add 65.21.34.4 gw 127.0.0.1 lo

2
2009-02-23 19:58:09

These Might Interest You

What Others Think

I don't understand the down-votes; this command works as advertised. I'd rather use IPTables, personally, but this is a good dirty hack that will, for example, stop a DoS.
sud0er · 482 weeks and 1 day ago
Thanks. Yeah the only downside to this command is that it doesn't save the rule after reboot.
JackiesJungle · 482 weeks ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: