LinuxQuestions.org
Old 02-20-2009, 06:00 PM   #1
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Rep: Reputation: 15
Iptables - Ban a list of IPs through a txt...


Is it possible to make iptables ban a list of IPs loaded from a txt file?
I'm using Linux CentOS.
 
Old 02-20-2009, 06:08 PM   #2
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,202

Rep: Reputation: 397
That would be called 'blacklisting'.
Here is some documentation I found as a start; try googling for iptables blacklisting if you need more:
http://aplawrence.com/Words2005/2005_05_01.html
 
Old 02-20-2009, 06:32 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Assuming your TXT file has one IP address per line (and nothing else):
Code:
#!/bin/sh
# Insert a DROP rule at the top of INPUT for every address in the list.
for i in `cat /etc/example.txt`; do
    iptables -I INPUT -s "$i" -j DROP
done
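
A more defensive version of the loop above, as an added example that is not part of the original post: it validates each line before it reaches iptables, tolerates comments, blank lines and Windows line endings, and keeps the bans in their own chain so the list can be reloaded. The chain name BANLIST, the DRY_RUN switch and the sample addresses are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. BAN_CHAIN, DRY_RUN and the sample
# addresses (RFC 5737 documentation ranges) are assumptions / constructed.
BAN_CHAIN=${BAN_CHAIN:-BANLIST}
DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands, 0 = run them (needs root)

ipt() { if [ "$DRY_RUN" = 0 ]; then iptables "$@"; else echo "iptables $*"; fi; }

# True only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%/*}
    case $1 in */*)
        mask=${1#*/}
        case $mask in ''|*[!0-9]*) return 1 ;; esac
        [ "$mask" -le 32 ] 2>/dev/null || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# Load FILE into a dedicated chain; comments, blanks and CRs are tolerated,
# anything that is not a plain IPv4 address (hostnames included) is skipped.
ban_list() {
    if ipt -N "$BAN_CHAIN" 2>/dev/null; then
        ipt -I INPUT -j "$BAN_CHAIN"     # first run: hook the chain into INPUT
    else
        ipt -F "$BAN_CHAIN"              # chain already exists: empty and refill
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line"; then
            ipt -A "$BAN_CHAIN" -s "$line" -j DROP
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done < "$1"
}

# Constructed sample list, printed as a dry run.
sample_list() {
    printf '# banned hosts\n192.0.2.10\n198.51.100.0/24 # range\n203.0.113.7\r\nexample.com\n300.1.1.1\n'
}
tmp=$(mktemp) && sample_list > "$tmp" && ban_list "$tmp"; rm -f "$tmp"
```

Run as root with DRY_RUN=0 to apply the rules instead of printing them. Afterwards `iptables -L BANLIST -n -v` lists the chain with per-rule packet counters, which shows whether traffic from a listed address is reaching its rule at all.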
 
Old 02-21-2009, 06:12 AM   #4
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by win32sux View Post
Assuming your TXT file has one IP address per line (and nothing else):
Code:
#!/bin/sh
# Insert a DROP rule at the top of INPUT for every address in the list.
for i in `cat /etc/example.txt`; do
    iptables -I INPUT -s "$i" -j DROP
done
Where must I insert this code? Which file?
 
Old 02-21-2009, 09:38 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Quote:
Originally Posted by dan83 View Post
Where must I insert this code? Which file?
You don't really need to insert it anywhere. You could execute that script as a file of its own and you'd be fine. But if you wanna insert it into your current iptables script then that's okay too. Anywhere in the script will work, as long as there are no -I rules after this which might conflict.
 
Old 02-21-2009, 11:24 AM   #6
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
I have not understood... Must I create a file with that script? How can I create it? And how do I execute it?
 
Old 02-21-2009, 11:43 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Quote:
Originally Posted by dan83 View Post
I have not understood... Must I create a file with that script? How can I create it? And how do I execute it?
Yes, you could create a file for it if you want. You'd just need to edit the /etc/example.txt part in it to match whatever file you actually have the IPs stored in. You create it just like you would any other text file: Select the code I posted, right-click on it, select "Copy", open your favorite text editor, start a new file, right-click in it, select "Paste", edit the path/filename I just told you about, select "Save", type in the file name and path you wish to save the script as.

To make the file executable you right-click on the file, select "Properties" (or whatever), and tweak the permissions accordingly. You could also just use the chmod command on it like:
Code:
chmod 755 /etc/example.sh
To execute the file you just do a:
Code:
/etc/example.sh
BTW, I'm moving this thread to Newbie for better exposure.
 
Old 02-21-2009, 11:54 AM   #8
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
Must I save it as txt? Then load it in the server?
 
Old 02-21-2009, 12:02 PM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Quote:
Originally Posted by dan83 View Post
Must I save it as txt? Then load it in the server?
No, you can call your files whatever you want.

My examples use TXT for the IP list file and SH for the script only for clarity's sake.
 
Old 02-21-2009, 12:32 PM   #10
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
OK, I did as you said and I tested it, but it does not work.
Here is the script I used:

Code:
#!/bin/sh
for i in `cat /banned_ips.txt`; do
    iptables -I INPUT -s "$i" -j DROP
done
The file is in the main server directory as you can see... What is wrong? The banned IP can still connect.
 
Old 02-21-2009, 12:45 PM   #11
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,202

Rep: Reputation: 397
It would help if you included the error message, if any.
 
Old 02-21-2009, 01:03 PM   #12
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
It is an iptables txt ban. Do you think an error message should come out? And from where, from the hat?

Last edited by dan83; 02-21-2009 at 01:06 PM.
 
Old 02-21-2009, 01:08 PM   #13
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,202

Rep: Reputation: 397
Depends on what is broken; you could get a 'file not found' error if you input the wrong filename, or a syntax error for iptables if the syntax were incorrect.
The question is, how do you know it isn't working?
 
Old 02-21-2009, 01:13 PM   #14
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
Because I inserted some IPs of my friends in it, then I asked them to try to connect to the website and they can still connect.
 
Old 02-21-2009, 01:49 PM   #15
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,202

Rep: Reputation: 397
See if this helps:
http://www.developertutorials.com/tu...503/page1.html
 
  

