LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 01-08-2008, 09:13 AM   #1
NinjaGuru
LQ Newbie
 
Registered: Jan 2008
Posts: 2

Rep: Reputation: 0
Question iptables bash script to add offending ip's to temporary chain


Hi there all,

I have just setup a simple iptables firewall on one of my linux boxes. I have written a script that (hopefully does the following)

(I am quite new to bash scripting so please excue my attempt at this script)

Spec
1: Scan through my /etc/httpd/logs/access_log (apache log)
2: Filter out a particular pattern
3: output the filtered ip addresses to a text file
4: sort the text file removing duplicate entries
5: Flush iptables
6: Add the sorted / filtered ip addresses to ip tables
7: Timestamp the last time this script was run

As I rotate my access_log every 24 hours offending IP's can probably get in after 24 hours which is fine.

I have written the following script however it does not seem to be working properly (I got some of the code after doing some google searches) is there anyone here who could perhaps guide me in the right direction

Code:
#!/bin/bash
#Setup some vars
MAILTO=myemail@address.com
BLOCK_LIST=`cat /etc/ipblock-uniq`
CURRENT_RULES=`iptables -L`
IPTABLES=`whereis iptables | awk '{print $2}'`
# 1st Flush Iptables
$IPTABLES --flush
# Search for the offending ip's in Access_log
cat /etc/httpd/logs/access_log | grep '"-" "-"' | awk '{print $1}'  > /etc/ipblock
# Remove duplicates
sort /etc/ipblock | uniq > /etc/ipblock-uniq

# This code is not working too well at the moment
for ENTRIES in $BLOCK_LIST; do
        SUCCESS=0
        grep "$ENTRIES" "$CURRENT_RULES"
                if [ ! "$?" = "$SUCCESS" ]; then # if the rule is not found, add it
                        $IPTABLES -I INPUT -i eth0 -s $ENTRIES -j DROP
                        $IPTABLES -I OUTPUT -o eth0 -d $ENTRIES -j DROP
                fi
done
# Remove certain IP's from accidental lockout
$IPTABLES -D OUTPUT -i eth0 -s 11.111.111.111 -j DROP
$IPTABLES -D OUTPUT -o eth0 -d 11.111.111.111 -j DROP
# View iptables
$IPTABLES -L -n -v
#Timestamp last action
date >/etc/potential-lastrun.log

Last edited by NinjaGuru; 01-08-2008 at 09:15 AM. Reason: adding tags
 
Old 01-08-2008, 10:05 AM   #2
NinjaGuru
LQ Newbie
 
Registered: Jan 2008
Posts: 2

Original Poster
Rep: Reputation: 0
Talking

I messed around with it a bit - I have managed to get it working now.

Here is my code - just in case the solution I came up with is not too elegant (I'm quite sure it is not!)


Code:
#!/bin/bash
#Setup some vars
MAILTO=myemail@address.com
BLOCK_LIST=`cat /etc/ipblock-uniq`
CURRENT_RULES=`iptables -L`
IPTABLES=`whereis iptables | awk '{print $2}'`
# 1st Flush Iptables
$IPTABLES --flush
# Search for the offending ip's in Access_log
cat /etc/httpd/logs/access_log | grep '"-" "-"' | awk '{print $1}'  > /etc/ipblock
# Remove duplicates
sort /etc/ipblock | uniq > /etc/ipblock-uniq

# This code is now working
for ENTRIES in $BLOCK_LIST; do
        $IPTABLES -I INPUT -i eth0 -s $ENTRIES -j DROP
        $IPTABLES -I OUTPUT -o eth0 -d $ENTRIES -j DROP
done

# Remove certain IP's from accidental lockout
$IPTABLES -D OUTPUT -i eth0 -s 11.111.111.111 -j DROP
$IPTABLES -D OUTPUT -o eth0 -d 11.111.111.111 -j DROP
# View iptables
$IPTABLES -L -n -v
#Timestamp last action
date >/etc/potential-lastrun.log
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to add numbers in a formatted file via a bash script? zero79 Linux - General 8 12-24-2010 05:48 PM
add user bash script noir911 Programming 4 08-13-2005 08:24 AM
IPTables - Multiple Public IP's to private IP's matneyc Linux - Security 8 05-27-2005 12:23 PM
IPTABLES how to add/edit/delete rules in existing chain? debug019 Linux - Newbie 1 11-11-2004 02:48 PM
Bash script: add all numbers from command output wi-Z-art Programming 2 08-06-2003 09:16 AM


All times are GMT -5. The time now is 10:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration