LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-14-2006, 06:57 PM   #1
latino
Member
 
Registered: Aug 2003
Location: Puerto Rico
Distribution: Centos 6.6
Posts: 142

Rep: Reputation: 15
Question Blocking some Russia IP, How I can run this?


Hi:

I am having a bad guy from Russia (visiting my site) and want to run this to block all Russia IP. I dont have users from there. FYI, I obtained this IPs from:
http://blacklist.linuxadmin.org/

The question, How I setup a bash script to execute this in batch???

./apf -d 195.49.184.0/22 DENY RUSSIA IPS
./apf -d 195.49.192.0/21 DENY RUSSIA IPS
./apf -d 195.49.232.0/21 DENY RUSSIA IPS
./apf -d 195.54.0.0/19 DENY RUSSIA IPS
./apf -d 195.149.110.0/23 DENY RUSSIA IPS
./apf -d 217.23.176.0/20 DENY RUSSIA IPS
./apf -d 217.24.112.0/20 DENY RUSSIA IPS
./apf -d 217.24.176.0/20 DENY RUSSIA IPS
./apf -d 217.25.80.0/20 DENY RUSSIA IPS
./apf -d 217.25.144.0/20 DENY RUSSIA IPS
./apf -d 217.26.0.0/19 DENY RUSSIA IPS
./apf -d 217.26.176.0/20 DENY RUSSIA IPS
./apf -d 217.28.80.0/20 DENY RUSSIA IPS
./apf -d 217.28.208.0/20 DENY RUSSIA IPS
./apf -d 217.29.80.0/20 DENY RUSSIA IPS
./apf -d 217.29.112.0/20 DENY RUSSIA IPS
./apf -d 217.29.176.0/20 DENY RUSSIA IPS
./apf -d 217.30.240.0/20 DENY RUSSIA IPS
./apf -d 217.65.0.0/20 DENY RUSSIA IPS
./apf -d 217.65.80.0/20 DENY RUSSIA IPS
./apf -d 217.65.208.0/20 DENY RUSSIA IPS
./apf -d 217.66.16.0/20 DENY RUSSIA IPS
./apf -d 217.66.64.0/19 DENY RUSSIA IPS
./apf -d 217.66.144.0/20 DENY RUSSIA IPS
./apf -d 217.67.0.0/20 DENY RUSSIA IPS
./apf -d 217.67.112.0/20 DENY RUSSIA IPS
./apf -d 217.67.144.0/20 DENY RUSSIA IPS
./apf -d 217.67.176.0/20 DENY RUSSIA IPS
./apf -d 217.69.112.0/20 DENY RUSSIA IPS
./apf -d 217.69.192.0/19 DENY RUSSIA IPS
./apf -d 217.70.16.0/20 DENY RUSSIA IPS
./apf -d 217.70.96.0/19 DENY RUSSIA IPS
./apf -d 217.71.128.0/20 DENY RUSSIA IPS
./apf -d 217.72.0.0/20 DENY RUSSIA IPS
./apf -d 217.72.144.0/20 DENY RUSSIA IPS
./apf -d 217.73.112.0/20 DENY RUSSIA IPS
./apf -d 217.73.192.0/20 DENY RUSSIA IPS
./apf -d 217.73.240.0/20 DENY RUSSIA IPS
./apf -d 217.74.32.0/20 DENY RUSSIA IPS
./apf -d 217.74.112.0/20 DENY RUSSIA IPS
./apf -d 217.74.128.0/19 DENY RUSSIA IPS
./apf -d 217.74.160.0/20 DENY RUSSIA IPS
./apf -d 217.74.240.0/20 DENY RUSSIA IPS
./apf -d 217.76.32.0/20 DENY RUSSIA IPS
./apf -d 217.76.176.0/20 DENY RUSSIA IPS
./apf -d 217.77.96.0/19 DENY RUSSIA IPS
./apf -d 217.78.176.0/20 DENY RUSSIA IPS
./apf -d 217.79.16.0/20 DENY RUSSIA IPS
./apf -d 217.79.48.0/20 DENY RUSSIA IPS
./apf -d 217.106.0.0/15 DENY RUSSIA IPS
./apf -d 217.112.16.0/20 DENY RUSSIA IPS
./apf -d 217.113.112.0/20 DENY RUSSIA IPS
./apf -d 217.114.0.0/19 DENY RUSSIA IPS
./apf -d 217.114.32.0/20 DENY RUSSIA IPS
./apf -d 217.114.144.0/20 DENY RUSSIA IPS
./apf -d 217.114.176.0/20 DENY RUSSIA IPS
./apf -d 217.114.224.0/19 DENY RUSSIA IPS
./apf -d 217.115.80.0/20 DENY RUSSIA IPS
./apf -d 217.115.176.0/20 DENY RUSSIA IPS
./apf -d 217.116.48.0/20 DENY RUSSIA IPS
./apf -d 217.116.128.0/19 DENY RUSSIA IPS
./apf -d 217.117.80.0/20 DENY RUSSIA IPS
./apf -d 217.117.112.0/20 DENY RUSSIA IPS
./apf -d 217.117.176.0/20 DENY RUSSIA IPS
./apf -d 217.118.64.0/19 DENY RUSSIA IPS
./apf -d 217.118.176.0/20 DENY RUSSIA IPS
./apf -d 217.119.16.0/20 DENY RUSSIA IPS
./apf -d 217.119.80.0/20 DENY RUSSIA IPS
./apf -d 217.144.96.0/20 DENY RUSSIA IPS
./apf -d 217.144.160.0/19 DENY RUSSIA IPS
./apf -d 217.145.144.0/20 DENY RUSSIA IPS
./apf -d 217.146.32.0/20 DENY RUSSIA IPS
./apf -d 217.146.192.0/20 DENY RUSSIA IPS
./apf -d 217.147.0.0/19 DENY RUSSIA IPS
./apf -d 217.147.48.0/20 DENY RUSSIA IPS
./apf -d 217.148.48.0/20 DENY RUSSIA IPS
./apf -d 217.148.192.0/19 DENY RUSSIA IPS
./apf -d 217.148.224.0/20 DENY RUSSIA IPS
./apf -d 217.149.16.0/20 DENY RUSSIA IPS
./apf -d 217.150.0.0/18 DENY RUSSIA IPS
./apf -d 217.150.192.0/20 DENY RUSSIA IPS
./apf -d 217.151.16.0/20 DENY RUSSIA IPS
./apf -d 217.151.64.0/20 DENY RUSSIA IPS
./apf -d 217.151.128.0/20 DENY RUSSIA IPS
./apf -d 217.168.64.0/20 DENY RUSSIA IPS
./apf -d 217.168.240.0/20 DENY RUSSIA IPS
./apf -d 217.169.80.0/20 DENY RUSSIA IPS
./apf -d 217.170.64.0/19 DENY RUSSIA IPS
./apf -d 217.170.112.0/20 DENY RUSSIA IPS
./apf -d 217.170.208.0/20 DENY RUSSIA IPS
./apf -d 217.171.0.0/20 DENY RUSSIA IPS
./apf -d 217.171.64.0/20 DENY RUSSIA IPS
./apf -d 217.171.144.0/20 DENY RUSSIA IPS
./apf -d 217.171.224.0/20 DENY RUSSIA IPS
./apf -d 217.172.16.0/20 DENY RUSSIA IPS
./apf -d 217.173.0.0/19 DENY RUSSIA IPS
./apf -d 217.174.96.0/20 DENY RUSSIA IPS
./apf -d 217.174.176.0/20 DENY RUSSIA IPS
./apf -d 217.175.16.0/20 DENY RUSSIA IPS
./apf -d 217.175.128.0/19 DENY RUSSIA IPS
./apf -d 217.194.240.0/20 DENY RUSSIA IPS
./apf -d 217.195.64.0/19 DENY RUSSIA IPS
./apf -d 217.195.96.0/20 DENY RUSSIA IPS
./apf -d 217.195.208.0/20 DENY RUSSIA IPS
./apf -d 217.196.96.0/19 DENY RUSSIA IPS
./apf -d 217.197.112.0/20 DENY RUSSIA IPS
./apf -d 217.197.240.0/20 DENY RUSSIA IPS
./apf -d 217.198.0.0/20 DENY RUSSIA IPS
./apf -d 217.198.80.0/20 DENY RUSSIA IPS
./apf -d 217.198.160.0/19 DENY RUSSIA IPS
./apf -d 217.199.208.0/20 DENY RUSSIA IPS
./apf -d 217.199.240.0/20 DENY RUSSIA IPS
./apf -d 217.199.240.0/20 DENY RUSSIA IPS

Thanks.

Last edited by latino; 10-14-2006 at 06:58 PM.
 
Old 10-14-2006, 07:37 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 270Reputation: 270Reputation: 270
First get this list in a file and you'll want to cut or grab all of the IP Ranges or IP Blocks listed..

Name the file something like blacklist and then run this command to create a new file with just the IP's:

Code:
cat blacklist | cut -d" " -f3 > new-blacklist
Check your new-blacklist file and make sure it looks ok.

Then you can run a command like this to create IPTable rules to totally block all of these ranges:

Code:
for IP in `cat new-blacklist`
do
/usr/sbin/iptables -A INPUT -s $IP -j DROP
done
Or however you want to setup your rule, etc.
 
Old 10-14-2006, 07:43 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
those don't look like iptables rules to me...

either way, if you put those lines in a file called apf.txt:
Code:
./apf -d 195.49.184.0/22 DENY RUSSIA IPS
./apf -d 195.49.192.0/21 DENY RUSSIA IPS
./apf -d 195.49.232.0/21 DENY RUSSIA IPS
./apf -d 195.54.0.0/19 DENY RUSSIA IPS
./apf -d 195.149.110.0/23 DENY RUSSIA IPS
./apf -d 217.23.176.0/20 DENY RUSSIA IPS
./apf -d 217.24.112.0/20 DENY RUSSIA IPS
./apf -d 217.24.176.0/20 DENY RUSSIA IPS
./apf -d 217.25.80.0/20 DENY RUSSIA IPS
./apf -d 217.25.144.0/20 DENY RUSSIA IPS
./apf -d 217.26.0.0/19 DENY RUSSIA IPS
./apf -d 217.26.176.0/20 DENY RUSSIA IPS
./apf -d 217.28.80.0/20 DENY RUSSIA IPS
./apf -d 217.28.208.0/20 DENY RUSSIA IPS
./apf -d 217.29.80.0/20 DENY RUSSIA IPS
./apf -d 217.29.112.0/20 DENY RUSSIA IPS
./apf -d 217.29.176.0/20 DENY RUSSIA IPS
./apf -d 217.30.240.0/20 DENY RUSSIA IPS
./apf -d 217.65.0.0/20 DENY RUSSIA IPS
./apf -d 217.65.80.0/20 DENY RUSSIA IPS
./apf -d 217.65.208.0/20 DENY RUSSIA IPS
./apf -d 217.66.16.0/20 DENY RUSSIA IPS
./apf -d 217.66.64.0/19 DENY RUSSIA IPS
./apf -d 217.66.144.0/20 DENY RUSSIA IPS
./apf -d 217.67.0.0/20 DENY RUSSIA IPS
./apf -d 217.67.112.0/20 DENY RUSSIA IPS
./apf -d 217.67.144.0/20 DENY RUSSIA IPS
./apf -d 217.67.176.0/20 DENY RUSSIA IPS
./apf -d 217.69.112.0/20 DENY RUSSIA IPS
./apf -d 217.69.192.0/19 DENY RUSSIA IPS
./apf -d 217.70.16.0/20 DENY RUSSIA IPS
./apf -d 217.70.96.0/19 DENY RUSSIA IPS
./apf -d 217.71.128.0/20 DENY RUSSIA IPS
./apf -d 217.72.0.0/20 DENY RUSSIA IPS
./apf -d 217.72.144.0/20 DENY RUSSIA IPS
./apf -d 217.73.112.0/20 DENY RUSSIA IPS
./apf -d 217.73.192.0/20 DENY RUSSIA IPS
./apf -d 217.73.240.0/20 DENY RUSSIA IPS
./apf -d 217.74.32.0/20 DENY RUSSIA IPS
./apf -d 217.74.112.0/20 DENY RUSSIA IPS
./apf -d 217.74.128.0/19 DENY RUSSIA IPS
./apf -d 217.74.160.0/20 DENY RUSSIA IPS
./apf -d 217.74.240.0/20 DENY RUSSIA IPS
./apf -d 217.76.32.0/20 DENY RUSSIA IPS
./apf -d 217.76.176.0/20 DENY RUSSIA IPS
./apf -d 217.77.96.0/19 DENY RUSSIA IPS
./apf -d 217.78.176.0/20 DENY RUSSIA IPS
./apf -d 217.79.16.0/20 DENY RUSSIA IPS
./apf -d 217.79.48.0/20 DENY RUSSIA IPS
./apf -d 217.106.0.0/15 DENY RUSSIA IPS
./apf -d 217.112.16.0/20 DENY RUSSIA IPS
./apf -d 217.113.112.0/20 DENY RUSSIA IPS
./apf -d 217.114.0.0/19 DENY RUSSIA IPS
./apf -d 217.114.32.0/20 DENY RUSSIA IPS
./apf -d 217.114.144.0/20 DENY RUSSIA IPS
./apf -d 217.114.176.0/20 DENY RUSSIA IPS
./apf -d 217.114.224.0/19 DENY RUSSIA IPS
./apf -d 217.115.80.0/20 DENY RUSSIA IPS
./apf -d 217.115.176.0/20 DENY RUSSIA IPS
./apf -d 217.116.48.0/20 DENY RUSSIA IPS
./apf -d 217.116.128.0/19 DENY RUSSIA IPS
./apf -d 217.117.80.0/20 DENY RUSSIA IPS
./apf -d 217.117.112.0/20 DENY RUSSIA IPS
./apf -d 217.117.176.0/20 DENY RUSSIA IPS
./apf -d 217.118.64.0/19 DENY RUSSIA IPS
./apf -d 217.118.176.0/20 DENY RUSSIA IPS
./apf -d 217.119.16.0/20 DENY RUSSIA IPS
./apf -d 217.119.80.0/20 DENY RUSSIA IPS
./apf -d 217.144.96.0/20 DENY RUSSIA IPS
./apf -d 217.144.160.0/19 DENY RUSSIA IPS
./apf -d 217.145.144.0/20 DENY RUSSIA IPS
./apf -d 217.146.32.0/20 DENY RUSSIA IPS
./apf -d 217.146.192.0/20 DENY RUSSIA IPS
./apf -d 217.147.0.0/19 DENY RUSSIA IPS
./apf -d 217.147.48.0/20 DENY RUSSIA IPS
./apf -d 217.148.48.0/20 DENY RUSSIA IPS
./apf -d 217.148.192.0/19 DENY RUSSIA IPS
./apf -d 217.148.224.0/20 DENY RUSSIA IPS
./apf -d 217.149.16.0/20 DENY RUSSIA IPS
./apf -d 217.150.0.0/18 DENY RUSSIA IPS
./apf -d 217.150.192.0/20 DENY RUSSIA IPS
./apf -d 217.151.16.0/20 DENY RUSSIA IPS
./apf -d 217.151.64.0/20 DENY RUSSIA IPS
./apf -d 217.151.128.0/20 DENY RUSSIA IPS
./apf -d 217.168.64.0/20 DENY RUSSIA IPS
./apf -d 217.168.240.0/20 DENY RUSSIA IPS
./apf -d 217.169.80.0/20 DENY RUSSIA IPS
./apf -d 217.170.64.0/19 DENY RUSSIA IPS
./apf -d 217.170.112.0/20 DENY RUSSIA IPS
./apf -d 217.170.208.0/20 DENY RUSSIA IPS
./apf -d 217.171.0.0/20 DENY RUSSIA IPS
./apf -d 217.171.64.0/20 DENY RUSSIA IPS
./apf -d 217.171.144.0/20 DENY RUSSIA IPS
./apf -d 217.171.224.0/20 DENY RUSSIA IPS
./apf -d 217.172.16.0/20 DENY RUSSIA IPS
./apf -d 217.173.0.0/19 DENY RUSSIA IPS
./apf -d 217.174.96.0/20 DENY RUSSIA IPS
./apf -d 217.174.176.0/20 DENY RUSSIA IPS
./apf -d 217.175.16.0/20 DENY RUSSIA IPS
./apf -d 217.175.128.0/19 DENY RUSSIA IPS
./apf -d 217.194.240.0/20 DENY RUSSIA IPS
./apf -d 217.195.64.0/19 DENY RUSSIA IPS
./apf -d 217.195.96.0/20 DENY RUSSIA IPS
./apf -d 217.195.208.0/20 DENY RUSSIA IPS
./apf -d 217.196.96.0/19 DENY RUSSIA IPS
./apf -d 217.197.112.0/20 DENY RUSSIA IPS
./apf -d 217.197.240.0/20 DENY RUSSIA IPS
./apf -d 217.198.0.0/20 DENY RUSSIA IPS
./apf -d 217.198.80.0/20 DENY RUSSIA IPS
./apf -d 217.198.160.0/19 DENY RUSSIA IPS
./apf -d 217.199.208.0/20 DENY RUSSIA IPS
./apf -d 217.199.240.0/20 DENY RUSSIA IPS
./apf -d 217.199.240.0/20 DENY RUSSIA IPS
then you can extract the IPs like this:
Code:
cat apf.txt | awk '{print $3}'
hence, you can put those IPs in a text file like this:
Code:
cat apf.txt | awk '{print $3}' > ips.txt
then you can tell iptables to use the list of IPs in that file like this:
Code:
for ip in `cat ips.txt`; do
   iptables -I INPUT -s $ip -j DROP
done
just my ...

EDIT: hehe, trickykid beat me to it...

Last edited by win32sux; 10-14-2006 at 07:47 PM.
 
Old 10-14-2006, 08:20 PM   #4
latino
Member
 
Registered: Aug 2003
Location: Puerto Rico
Distribution: Centos 6.6
Posts: 142

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by trickykid
First get this list in a file and you'll want to cut or grab all of the IP Ranges or IP Blocks listed..

Name the file something like blacklist and then run this command to create a new file with just the IP's:

Code:
cat blacklist | cut -d" " -f3 > new-blacklist
Check your new-blacklist file and make sure it looks ok.

Then you can run a command like this to create IPTable rules to totally block all of these ranges:

Code:
for IP in `cat new-blacklist`
do
/usr/sbin/iptables -A INPUT -s $IP -j DROP
done
Or however you want to setup your rule, etc.
Hi:

If I use APF firewall, will APF work with the iptables? Or I have to do this with APF. I wonder this coould be tweak for apf too:

Executing from /usr/sbin..
Code:
for IP in `cat new-blacklist`
do
./apf -d $IP RUSSIA IP
done
Will this work too with APF this way??

Thanks.
 
Old 10-14-2006, 08:28 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
yes, the for/do/done will work for whatever you want...

but if you wanna use the apf thing to do this (instead of iptables), then you don't even need to use for/do/done as you could just put the lines in your your first post in a text file with a shebang (#!/bin/sh), give it execute perms, and then execute it... it's your call really...
 
Old 10-14-2006, 08:32 PM   #6
latino
Member
 
Registered: Aug 2003
Location: Puerto Rico
Distribution: Centos 6.6
Posts: 142

Original Poster
Rep: Reputation: 15
Hi:

This is the beauty of Linux. I reemember something like that. So I just take my file with this:

/apf -d 195.49.184.0/22 DENY RUSSIA IPS
./apf -d 195.49.192.0/21 DENY RUSSIA IPS
./apf -d 195.49.232.0/21 DENY RUSSIA IPS
./apf -d 195.54.0.0/19 DENY RUSSIA IPS
./apf -d 195.149.110.0/23 DENY RUSSIA IPS
./apf -d 217.23.176.0/20 DENY RUSSIA IPS
./apf -d 217.24.112.0/20 DENY RUSSIA IPS
./apf -d 217.24.176.0/20 DENY RUSSIA IPS
./apf -d 217.25.80.0/20 DENY RUSSIA IPS
./apf -d 217.25.144.0/20 DENY RUSSIA IPS
.
.
.
and just add shebang (#!/bin/sh) and chmod 755. It should work fine.

Thanks both for the answer!!



UPDATE:
It works.

Last edited by latino; 10-14-2006 at 10:07 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux in Russia gowfer General 3 03-04-2006 01:21 PM
LXer: From Russia with code LXer Syndicated Linux News 0 02-08-2006 02:31 AM
LXer: IBM offers free development tools in Russia LXer Syndicated Linux News 0 02-04-2006 06:31 AM
hi from Russia dr_sad LinuxQuestions.org Member Intro 4 12-23-2005 03:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration