Ubuntu set up Proxy

nano /etc/environment
 export http_proxy=http://127.0.0.1:8118
 export https_proxy=http://127.0.0.1:8118
 export no_proxy="127.0.0.1, localhost" 

save and go.

use iptables to block ip range

To block 116.10.191.* addresses:

$ sudo iptables -A INPUT -s 116.10.191.0/24 -j DROP

To block 116.10.*.* addresses:

$ sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP

To block 116.*.*.* addresses:

$ sudo iptables -A INPUT -s 116.0.0.0/8 -j DROP

But be careful what you block using this method. You don’t want to prevent legitmate traffic from reaching the host.

edit: as pointed out, iptables evaluates rules in sequential order. Rules higher in the ruleset are applied before rules lower in the ruleset. So if there’s a rule higher in your ruleset that allows said traffic, then appending (iptables -A) the DROP rule will not produce the intended blocking result. In this case, insert (iptables -I) the rule either:

  • as the first rule

sudo iptables -I ...

  • or before the allow rule

sudo iptables --line-numbers -vnL

say that shows rule number 3 allows ssh traffic and you want to block ssh for an ip range. -Itakes an argument of an integer that’s the location in your ruleset you want the new rule to be inserted

iptables -I 2 ...