LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 09-30-2003, 08:00 AM   #1
exalik
Member
 
Registered: Mar 2003
Location: PARIS / FRANCE
Distribution: Mandrake 9.2rc2
Posts: 49

Rep: Reputation: 15
Multi ip adress to reject with iptables


Hello,

I have a plain text file which contain one ip adress or domain name per line.
I would like to make a simple script that use this file to reject all the ip adress and domain names that are in.

Can somebody help me to do it because i don't know to make script like this ?

I just want to limit unwanted pop-up without using any proxy that could do it i know.


Thank you.

Exalik
 
Old 10-01-2003, 07:04 PM   #2
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
I got this from the firewall at http://projectfiles.com/firewall/. I modified the script slightly so it reads the $BLACKLIST variable from a file I have in /etc/sysconfig/blacklist. The format of the blacklist file is like this:
Format: [<host or network address>[/<netmask>]][:[<port or port-range>[/<protocol>]]

You can probably stick this in any rc.firewall script and get it to work with very little tweeking. Anyway here is the code which does the work:

Code:
blacklistfile="/etc/sysconfig/blacklist"
BLACKLIST=`cat $blacklistfile`

# Drop traffic to and from blacklisted networks.

for NETWORK in $BLACKLIST; do
  NET=`echo "$NETWORK:" | cut -d: -f1`
  if ! check_network; then
    PORTS="$NET"
    NET="0.0.0.0/0"
  else
    PORTS=`echo "$NETWORK:" | cut -d: -f2`
  fi
  if [ -n "$PORTS" ]; then
    PROTOCOL=`echo "$PORTS/" | cut -d/ -f2`
    PORT="--dport `echo "$PORTS/" | cut -d/ -f1 | cut -d- -f1,2 --output-delimiter=":"`"
    if [ "$PROTOCOL" == "tcp" ] || [ -z "$PROTOCOL" ]; then
      if [ "$IS_ROUTER" == "yes" ]; then
	iptables -t filter -I FORWARD -s $NET -p tcp $PORT -j DROP
	iptables -t filter -I FORWARD -d $NET -p tcp $PORT -j DROP
      fi
      iptables -t filter -I INPUT -s $NET -p tcp $PORT -j DROP
      iptables -t filter -I INPUT -d $NET -p tcp $PORT -j DROP
      iptables -t filter -I OUTPUT -s $NET -p tcp $PORT -j DROP
      iptables -t filter -I OUTPUT -d $NET -p tcp $PORT -j DROP
    fi
    if [ "$PROTOCOL" == "udp" ] || [ -z "$PROTOCOL" ]; then
      if [ "$IS_ROUTER" == "yes" ]; then
	iptables -t filter -I FORWARD -s $NET -p udp $PORT -j DROP
	iptables -t filter -I FORWARD -d $NET -p udp $PORT -j DROP
      fi
      iptables -t filter -I INPUT -s $NET -p udp $PORT -j DROP
      iptables -t filter -I INPUT -d $NET -p udp $PORT -j DROP
      iptables -t filter -I OUTPUT -s $NET -p udp $PORT -j DROP
      iptables -t filter -I OUTPUT -d $NET -p udp $PORT -j DROP
    fi
  else
    if [ "$IS_ROUTER" == "yes" ]; then
      iptables -t filter -I FORWARD -s $NET -j DROP
      iptables -t filter -I FORWARD -d $NET -j DROP
    fi
    iptables -t filter -I INPUT -s $NET -j DROP
    iptables -t filter -I INPUT -d $NET -j DROP
    iptables -t filter -I OUTPUT -s $NET -j DROP
    iptables -t filter -I OUTPUT -d $NET -j DROP
  fi
done
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
reject certain mac-adresses ekkins Linux - Networking 1 06-19-2005 06:14 PM
Reject mail config kimnajoo Linux - Security 1 05-06-2005 01:04 PM
help! cvs reject access? cucmi Programming 2 06-15-2004 03:56 AM
Getting reject when trying to connect via ppp. Tarts Slackware 2 11-13-2003 05:40 AM
Can iptables be configured to reject web requests based on content? steppin_razor Linux - Security 10 11-29-2001 12:49 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 06:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration