LinuxQuestions.org
Old 02-22-2009, 09:53 AM   #31
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541

Quote:
Originally Posted by dan83 View Post
this
Never mind. Let's try another approach. Log in and su to root, then locate your file containing the IP addresses you want to block. For this example we'll name it "/tmp/blockip.log". Now run these commands, substituting "/tmp/blockip.log" for the path and filename you have:
Code:
script myfirstscriptlog
/etc/init.d/iptables stop; /etc/init.d/iptables start
/sbin/iptables --line-numbers -n -v -L -t mangle | wc -l
for IP in $(< /tmp/blockip.log ); do /sbin/iptables -A INPUT -s $IP -j DROP; done
/sbin/iptables --line-numbers -n -v -L -t mangle | wc -l
exit
The increase in numbers on stdout should equal the amount of lines in /tmp/blockip.log.
That is, if you didn't fsck up and if no other tool is writing on the fly rules at the same time.
If any errors occur attach the "myfirstscriptlog".
Not that anything makes sense anyway since you have an INPUT chain DROP policy.
 
Old 02-22-2009, 11:20 AM   #32
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
Quote:
script myfirstscriptlog
/etc/init.d/iptables stop; /etc/init.d/iptables start
/sbin/iptables --line-numbers -n -v -L -t mangle | wc -l
for IP in $(< /banned_ips.txt ); do /sbin/iptables -A INPUT -s $IP -j DROP; done
/sbin/iptables --line-numbers -n -v -L -t mangle | wc -l
exit
I did those commands but where can I find the myfirstscriptlog file? Where is it?

Last edited by dan83; 02-22-2009 at 11:26 AM.
 
Old 02-23-2009, 01:34 PM   #33
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
Where can I find the myfirstscriptlog file?
 
Old 02-24-2009, 01:30 PM   #34
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
can someone help me in this thread? anyone around?
 
Old 02-25-2009, 12:08 PM   #35
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
nobody there?
 
Old 02-25-2009, 01:48 PM   #36
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377
Quote:
Originally Posted by dan83 View Post
Where can I find the myfirstscriptlog file?
It'll be right there in whatever directory you executed the script command in.
 
Old 02-27-2009, 05:19 PM   #37
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
I did not specify a directory so I guess it is in the main directory?
I already checked and that file was not there...
 
Old 02-27-2009, 06:44 PM   #38
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377
Quote:
Originally Posted by dan83 View Post
I did not specify a directory so I guess it is in the main directory?
I already checked and that file was not there...
Like I said, it'll be created in whatever directory you were in when you executed the script command (there is no such thing as a main directory), and will record everything you did up until the moment you did an exit. The only way for the file to end up somewhere else would be if you specified a different path.

Last edited by win32sux; 02-27-2009 at 06:51 PM.
 
Old 02-28-2009, 06:54 PM   #39
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
Hey, I did those commands but the IPs in that txt file can still connect to the server. Why does it not work? I did all the instructions that unSpawn posted.

I found my scriptlog file, here is what was inside:

Quote:
Script started on Sun 22 Feb 2009 06:16:57 PM CET
for IP in $(< /banned_ips.txt ); do /sbin/iptables -A INPUT -s $IP -j DROP; done
/sbin/iptables --line-numbers -n -v -L -t mangle | wc -l
exit^[]0;root@host145-236-149-62:~^G[root@host145-236-149-62 ~]# for IP in $(< /banned_ips.txt ); do /sbin/iptables -A INPUT -s $IP -j DROP; done
^[]0;root@host145-236-149-62:~^G[root@host145-236-149-62 ~]# /sbin/iptables --line-numbers -n -v -L -t mangle | wc -l
14
^[]0;root@host145-236-149-62:~^G[root@host145-236-149-62 ~]# exit
exit

Script done on Sun 22 Feb 2009 06:17:26 PM CET

Last edited by dan83; 02-28-2009 at 07:01 PM.
 
Old 03-01-2009, 08:16 AM   #40
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
nothing to get it working? uh
 
Old 03-01-2009, 12:48 PM   #41
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377
I'll wait for unSpawn to chime in as I'm not sure why the rules in the mangle table were counted.
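
The before/after rule count discussed in the posts above, as an added example that is not part of any post in this thread: it validates each block-list entry, prints the matching rule, and counts source-based DROP rules in the INPUT chain of the filter table, which is where `-A INPUT` without `-t` puts them. The function names and sample addresses are constructed for illustration, and nothing here calls iptables.

```shell
#!/bin/sh
# Added example, not from the thread. Sample addresses are constructed
# (documentation ranges); nothing here calls iptables or needs root.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule per valid entry of block list $1; comments, blank lines and
# CRs are dropped, anything else that fails validation is reported on stderr.
emit_drop_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line"; then
            printf '%s\n' "-A INPUT -s $line -j DROP"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Count source-based DROP rules of the INPUT chain in a rule listing on stdin,
# e.g. the output of "iptables -S INPUT" (filter table, where -A INPUT lands).
count_input_drops() {
    grep -c -E '^-A INPUT .*-s [0-9./]+ .*-j DROP$' || true
}

# Constructed block list: three valid entries, one bad octet, one hostname.
sample_blocklist() {
    printf '%s\n' '# banned' '192.0.2.10' '' '198.51.100.7  # scanner' \
        '203.0.113.0/24' '300.1.1.1' 'bad.example'
}

list=$(mktemp) && sample_blocklist > "$list"
echo "rules from list: $(emit_drop_rules "$list" 2>/dev/null | count_input_drops)"
rm -f "$list"
```

On a live system, feed `count_input_drops` the output of `iptables -S INPUT` before and after loading the list; the difference should equal the number of valid entries, which can be smaller than the number of lines in the file.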
 
Old 03-07-2009, 02:39 PM   #42
dan83
LQ Newbie
 
Registered: Feb 2009
Posts: 24

Original Poster
Rep: Reputation: 15
This question seems forgotten by all. lol
 
  

