禁IP,插入一条规则。

sudo iptables -I INPUT 1 -s 115.183.29.66/32 -j DROP

列状态：

sudo iptables -L -v --line-number

删除某行：

sudo iptables -D INPUT 1

基本配置

$cat /etc/iptables.up.rules

# Generated by iptables-save v1.4.12 on Fri Apr 10 16:09:37 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [67481827:172450251970]
-A INPUT -s 124.200.179.226/32 -j DROP
-A INPUT -s 5.196.5.116/32 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Fri Apr 10 16:09:38 2015

注意：ubuntu 18.04 用使用netplan，用法不一样。
自动更新 iptables.up.rules,在/etc/network/interfaces的末尾添加

pre-up iptables-restore < /etc/iptables.up.rules
post-down iptables-save > /etc/iptables.up.rules