How can we block IP in Security Group where we allowed icmp,http,https to all, should not block in vpc also implement role to instance any other solution

0

I am having one web server, particular ip is hitting contiously due to which CPU utilization is more and server is running down time. wants to block the ip in Security Group which is not possible, Iam role and policy but not getting blocked { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": "", "Resource": "", "Condition": { "IpAddress": { "aws:SourceIp": "xxxx/32" }, "StringEquals": { "aws:SourceVpc": "vpc-xxxx2ee5fa" } } } ] } Not working with above policy also. also we need icmp,http,https to 0.0.0.0/0

feita há 3 meses130 visualizações
2 Respostas
1
Resposta aceita

According to me the solution for this is to connect to the EC2 instance and drop the ip using the command #Check for IP tables

sudo iptables -A INPUT -s <IP-ADDRESS-TO-BLOCK> -j DROP

sudo service iptables save

Block an IP using firewalld

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<IP-ADDRESS-TO-BLOCK>" drop' sudo firewall-cmd --reload

by following above steps we have block the IP tail -f /var/log/httpd/access_log # to check ip status

But if in the security group if AWS allows us to Drop an option in a custom where we can give the required ip i will be easier but this option we cant find.

respondido há 3 meses
profile picture
ESPECIALISTA
avaliado há 2 meses
0

create a rule in your Network Access Control List to deny traffic from that IP

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

respondido há 3 meses
  • Thank you. But If we create NACL rule it will be denied for all the instances in that network. Even we cant login to the ec2 tried this solution

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas