Issue with iptables
I have a list of IPs that I want to block, so I made a script to use iptables to block them. The IP list is one IP per line and the file is named "newips". The script is named "ipblock.sh". Both are located in /home/oranges.
Code:
#!/bin/bash
Code:
' not found.3.5: host/network `##.##.##.##
What could be the problem? |
Your script worked for me when I did a test.
This suggests that one of the following is the issue: A) You have something in the IP file other than IPs in the form ##.##.##.## (do you have quotes or ticks in the file? Are you trying to append a network with "/"? If so you may need to escape or quote the "/" as it has special meaning to the shell). B) iptables isn't on when you ran your script. |
I've uploaded the file here so you can see for yourself. There's nothing wrong that I can see here, just IPs listed.
http://senduit.com/9bfa3e |
3900 pages of IPs?!
Every packet you have would take forever to check all your rules! What exactly are you trying to accomplish? That is I know you want to block these IPs but to what end? It seems you might be better off writing rules for the IPs you DO allow - OR block entire ranges (e.g. those assigned to specific countries) if you're trying to block hack attempts. |
Hi,
apart from the fact that your list of IPs is *huge* -- the problem you have is because that list is in DOS format, i.e. lines are terminated with \r\n instead of just \n. So if you modify your script like Code:
#!/bin/bash
If you really need to filter that many individual IPs you probably want to at least do some cascading to substantially reduce the number of rules that have to be traversed for each packet. |
or run dos2unix against the IP file before hand.
But again I really would not add this many lines to iptables (even if possible). |
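Putting the two previous replies together (strip the \r first, then cascade the rules), here is an added example; it is not the OP's script and not code posted anywhere in the thread. It assumes the one-IP-per-line file "newips" from the question, uses chain names blk_<first octet> that are this example's own choice, and prints the iptables commands instead of running them so the result can be reviewed before it touches the firewall.

```sh
#!/bin/sh
# Added example, not the script from the thread. It assumes the one-IP-per-line
# file from the post ("newips", possibly with DOS \r\n line endings) and prints
# the iptables commands it would run instead of running them, so the result can
# be reviewed before it is fed to a root shell.

# Accept a dotted quad with an optional /prefix; anything else is rejected.
valid_ipv4() {
    addr=${1%%/*}
    prefix=
    case $1 in */*) prefix=${1#*/} ;; esac
    # Only digits and dots, no leading or trailing dot (a trailing dot would
    # otherwise be swallowed by the field splitting below).
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac   # empty field or 4+ digits
        [ "$o" -le 255 ] || return 1
    done
    if [ -n "$prefix" ]; then
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    return 0
}

# Strip carriage returns (the DOS line-ending problem from the thread),
# comments, whitespace and blank lines; report and drop anything that is
# not a valid address so it never reaches iptables.
clean_ip_list() {
    tr -d '\r' < "$1" | sed -e 's/#.*//' -e 's/[[:space:]]//g' | grep -v '^$' |
    while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            printf 'skipping invalid entry: %s\n' "$ip" >&2
        fi
    done
}

# Print iptables commands with one "cascading" level: INPUT jumps to a
# per-/8 chain, and only that chain holds the individual DROP rules, so a
# packet is compared against the entries of one /8 rather than the whole list.
# The chain names blk_<first octet> are an assumption of this example.
emit_rules() {
    seen=" "
    clean_ip_list "$1" | while IFS= read -r ip; do
        o1=${ip%%.*}
        case $seen in
            *" $o1 "*) ;;
            *)
                seen="$seen$o1 "
                printf 'iptables -N blk_%s\n' "$o1"
                printf 'iptables -A INPUT -s %s.0.0.0/8 -j blk_%s\n' "$o1" "$o1"
                ;;
        esac
        printf 'iptables -A blk_%s -s %s -j DROP\n' "$o1" "$ip"
    done
}

# Demo on a constructed DOS-formatted list (replace with /home/oranges/newips).
sample=$(mktemp)
printf '192.0.2.1\r\n198.51.100.0/24\r\nnot-an-ip\r\n256.1.1.1\r\n\r\n192.0.2.5\r\n' > "$sample"
emit_rules "$sample"
rm -f "$sample"
```

Before changing anything, `cat -v newips` confirms the diagnosis: each carriage return shows up as ^M at the end of the line, and `tr -d '\r'` (or dos2unix, as suggested above) removes them. Only pipe the printed commands into a root shell after reading them; for a list of this size the iptables ipset extension is the usual answer, which the thread does not cover.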
Thanks everyone.
|