In the world of systems administration, having the commands to add or remove a blackhole / nullroute a host or problematic IP address can be very useful. So in this simple, yet useful tutorial, we’ll cover how to exactly go about doing this on nearly any type of Linux OS!

How to add a blackhole nullroute:

For this example, let’s assume that we are receiving unwanted SSH login attempts from 192.168.0.195 .

root@server:~# netstat -na | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.0.197:22 192.168.0.195:57776 ESTABLISHED

To add the blackhole for 192.168.0.195:

root@server:~# ip route add blackhole 192.168.0.195/32

To verify the route is in place will will use “ip route show “:

root@server:~# ip route show
default via 192.168.0.1 dev eth0 metric 100
blackhole 192.168.0.195

Subsequently, connections to and from that IP will fail:

root@attacker:~$ ssh 192.168.0.2
ssh: connect to host 192.168.0.2 port 22: No route to host

Removing a blackhole:

Typically, blackholes are useful when your server is under attack. After the attack has subsided, or you wish to remove the blackhole you can do so as follows:

root@server:~# ip route del 192.168.0.195
root@server:~# ip route show
default via 192.168.0.1 dev eth0 metric 100

• Author
• Recent Posts

Frank

At LowEndBox, our News and Editorial Team is laser focused on delivering quality content our audience values; we curate and syndicate top stories in hosting, data centers, and related topics. Our mission is to keep you informed about the latest developments in hosting solutions, ensuring you have the knowledge needed to make informed decisions for your online ventures. Stay tuned for insightful articles and updates from our dedicated team.

Latest posts by Frank (see all)

• SteadyVPS – Dedicated Server offer for $35 a month out of Los Angeles datacenter - April 25, 2020
• WindowsVPS.Host – VPS plans starting at $5.50! - March 13, 2020
• HostNOC – Dedicated VPN offer for $4.99 a month! Secure, Safe and Private! - March 9, 2020