We will create a basic iptables rule set that restricts all incoming packets except those that we actually need:
- The first step will be to create a rule to allow access to the loopback interface so that the services on the system can communicate properly with each other locally. The command to do so is as follows:
iptables -A INPUT -i lo -j ACCEPT
This is necessary for the system to function properly.
- Next, we will create the rule for the outbound connections that have been initiated by our system:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
This accepts the inbound packets that belong to connections our system has initiated, that is, the responses from remote servers we have connected to ourselves (such as any website we're visiting).
- Now, let's create a user-defined chain in iptables. We have called it blocked_ip. You can choose any name you want:
iptables -N blocked_ip
This is the chain where we will add the spoofed IP addresses that we want to block.
- Now, we will insert a jump to this chain into the INPUT chain of iptables by using the following command:
iptables -I INPUT 2 -j blocked_ip
Note that we have used the number 2 to make sure that this rule will be the second from the top of the INPUT chain, so it is checked before the RELATED,ESTABLISHED rule we added earlier.
- Now, let's add the bad IPs into the blocked_ip chain that we have created:
iptables -A blocked_ip -s 192.168.1.115 -j DROP
We have used the IP address 192.168.1.115 as an example here. You can replace it with the IP address that you want to block. If you have more than one IP address to block, add them one by one with the same command.
- Now, we can see the list of rules in iptables by using the following command:
iptables -L
In the output shown in the following screenshot, we can see that, at the bottom, we have the IP address that we are trying to block. You can specify a single IP address or a range (in CIDR notation), as per your choice.
- After making the rules in iptables, we can edit the /etc/host.conf file as well. Open the file in any editor of your choice. I am using nano:
nano /etc/host.conf
Now, add or edit the following lines in the file, as follows:
order hosts,bind
nospoof on
In the preceding example, the nospoof on option compares the IP address returned by the hostname lookup with the hostname returned by the reverse lookup of that IP address. If the two do not match, this option generates a spoof warning.
Once done, save and close the file. This will also help protect the system from IP spoofing.
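The iptables steps above, collected into a script that validates every address before it is handed to iptables. This is an added example, not a script from the original text; IPTABLES_DRY_RUN is an assumed variable name that makes the script print the commands instead of running them, so the generated rule order can be checked without root.

```shell
#!/bin/sh
# Added example, not from the original text: builds the rule set described above
# from a list of addresses, validating each one before it reaches iptables.
# IPTABLES_DRY_RUN is an assumed name: when set, commands are printed, not run.

# Validate an IPv4 address with an optional /prefix (e.g. 192.168.1.115, 10.0.0.0/8).
is_ipv4_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no slash: single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    IFS=. read -r a b c d <<EOF
$addr
EOF
    for o in "$a" "$b" "$c" "$d"; do           # exactly four numeric octets, each 0-255
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables command in dry-run mode, otherwise execute it (needs root).
run() {
    if [ -n "${IPTABLES_DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Same order as the text: loopback, conntrack, new chain, jump inserted at
# position 2 (ahead of the conntrack rule, so a blocked source is dropped even
# on an already established connection), then one DROP per address.
build_rules() {
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run -N blocked_ip
    run -I INPUT 2 -j blocked_ip
    for ip in "$@"; do
        if is_ipv4_cidr "$ip"; then
            run -A blocked_ip -s "$ip" -j DROP
        else
            echo "skipping invalid address: $ip" >&2
        fi
    done
}

# Usage: sh block_spoofed.sh 192.168.1.115 10.0.0.0/8
if [ $# -gt 0 ]; then
    build_rules "$@"
fi
```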