I was asked the other day by a friend if he would be able to use iptables to block a range of IP addresses. Of course! For years, on any servers I ran, I would disable SELinux and just use iptables, setting up simple rules and letting it go. It worked well and I never had any issues with it.
Below is a cleaned-up version of the message I sent to him.
1. Find the range
If you don’t know the range, you’ll need to get that. I’ve always done this by a whois search on the IP address.
john@john-mint ~ $ whois 192.0.78.17
NetRange: 192.0.64.0 - 192.0.127.255
CIDR: 192.0.64.0/18
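2. Run the following command as root. Because -A appends to the end of the INPUT chain, the rule only takes effect if no earlier rule in the chain already accepts the traffic.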
iptables -A INPUT --source 192.0.64.0/18 -j DROP
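3. Save it! The iptables binary itself has no save or restart subcommand; on a RHEL/CentOS-style system (assumed here) the iptables init script provides both.
service iptables save
4. You can restart the service.
service iptables restart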
5. Verify that the rule was saved.
iptables -L
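Steps 1 and 2 as a script, for the case where whois returns only a start-end range or a range that does not fit a single CIDR block. This is an added example, not part of the original message; the sample whois text is constructed, the function names are hypothetical, and it handles IPv4 only, as iptables does.

```python
import ipaddress
import re

# Constructed sample inputs (not real whois captures): ARIN-style output as in
# step 1, and a RIPE-style record that gives only a start-end range.
ARIN_SAMPLE = """\
NetRange:       192.0.64.0 - 192.0.127.255
CIDR:           192.0.64.0/18
"""
RIPE_SAMPLE = """\
inetnum:        198.51.100.64 - 198.51.100.255
"""

# Matches "NetRange: a - b" (ARIN) and "inetnum: a - b" (RIPE and others).
RANGE_RE = re.compile(r"^(?:NetRange|inetnum):\s*(\S+)\s*-\s*(\S+)\s*$", re.M | re.I)


def networks_from_whois(text):
    """Return the CIDR blocks that exactly cover each start-end range in whois text."""
    nets = []
    for start, end in RANGE_RE.findall(text):
        first = ipaddress.IPv4Address(start)
        last = ipaddress.IPv4Address(end)
        # A range that is not one aligned block expands to several CIDRs.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets


def drop_rules(whois_text, offending_ip):
    """Build the step 2 commands, refusing ranges that do not contain the IP."""
    ip = ipaddress.IPv4Address(offending_ip)
    nets = networks_from_whois(whois_text)
    # Guard against blocking the wrong network (or nothing) after a bad parse.
    if not any(ip in net for net in nets):
        raise ValueError(f"{ip} is not inside any range found in the whois text")
    return [f"iptables -A INPUT --source {net} -j DROP" for net in nets]


if __name__ == "__main__":
    for rule in drop_rules(ARIN_SAMPLE, "192.0.78.17"):
        print(rule)
    for rule in drop_rules(RIPE_SAMPLE, "198.51.100.200"):
        print(rule)
```

Review the printed commands before running them as root: a whois range can cover far more address space than the single host that prompted the block.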