# Forcefully close a connection to a specific destination
sudo ss -K dst 192.168.1.100
# view routes
ip r
ip route
# To reject a route (block traffic to an IP)
ip route add unreachable 74.1.1.0/24
ip route del unreachable 74.1.1.0/24
# add route
sudo ip route add {NETWORK/MASK} via {GATEWAYIP}
sudo ip route add {NETWORK/MASK} dev {DEVICE}
sudo ip route add default {NETWORK/MASK} dev {DEVICE}
sudo ip route add default {NETWORK/MASK} via {GATEWAYIP}
# Here is another example where I am setting up route for my VPN gateway:
ip link set dev tun0 up mtu 1500
ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
ip route add 139.59.2.125/32 via 192.168.2.254
ip route add 0.0.0.0/1 via 10.8.0.1
ip route add 128.0.0.0/1 via 10.8.0.1
Edit config file such as /etc/sysconfig/network-scripts/route-eth0 on a CentOS/RHEL/Fedora Linux for interface eth0 using a text editor such as nano command or vim command:
vim /etc/sysconfig/network-scripts/route-eth0
Append the following text:
172.10.1.0/24 via 10.0.0.100 dev eth0
Save and exit (close) the file in a vim text editor. Finally, restart your network service on a CentOS/RHEL/Fedora Linux so they take effect:
systemctl restart network.service
A note about ip command and persistence static routing on a Debian/Ubuntu
Edit your /etc/network/interfaces file for say eth0:
vi /etc/network/interfaces
Update it as follows:
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.254
## static ip config START ##
up /sbin/ip route add 172.10.1.0/24 via 10.8.0.1 dev eth0
down /sbin/ip route delete 172.10.1.0/24 via 10.8.0.1 dev eth0
## static ip config END ##
## How to find the route used for an destination IP
The syntax is as follows:
ip route get to {IPv4_address_here}
ip route get to {IPv6_address_here}
ip route get to 172.66.43.74
Outputs indicating that 172.66.43.74 can be reached via the wg0 interface with 192.168.13.4 as source IP:
172.66.43.74 dev wg0 table 51832 src 192.168.13.4 uid 1000
cache
