LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-21-2014, 06:04 AM   #1
postcd
Member
 
Registered: Oct 2013
Posts: 449

Rep: Reputation: Disabled
How to set temporary IP ban in one command


Hello,

i want to deny an IP 2.2.2.2 using iptables for 15 minutes.

This must be one line command, because i want to use it in mod_deflate in this variable:
Quote:
DOSSystemCommand “.....”
Someone used:
Quote:
DOSSystemCommand “sudo /sbin/iptables -A INPUT -s %s -j DROP”
but i assume this is permanent ban untill server reboot which is too longterm ban i think, i need 15 minute ban in one command?
 
Old 04-21-2014, 07:04 AM   #2
myatthu
Member
 
Registered: Jan 2014
Distribution: CentOS, Fedora, Ubuntu
Posts: 108

Rep: Reputation: 18
This article is great for your requirements link

Cheer
 
1 members found this post helpful.
Old 04-22-2014, 05:08 AM   #3
gengisdave
Member
 
Registered: Dec 2013
Location: Turin, Italy
Distribution: slackware
Posts: 327

Rep: Reputation: 73
if you can't/don't want compile code or have problems with installation of mod_evasive, another option is Fail2Ban, you can manually ban an ip for a pre-configured time (you can have more than one time, or JAILs in fail2ban docs).
 
Old 04-22-2014, 02:55 PM   #4
postcd
Member
 
Registered: Oct 2013
Posts: 449

Original Poster
Rep: Reputation: Disabled
Lightbulb

Quote:
Originally Posted by myatthu View Post
This article is great for your requirements link
thx, i would like to do it in one commend without creating extra bash script, what about this?

DOSSystemCommand ôsudo /sbin/iptables -A INPUT -s %s -j DROP;echo \"iptables -D INPUT -s %s -j DROP\" | at now + 2 hours"
 
Old 04-22-2014, 03:57 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565
I second gengisdave's suggestion for fail2ban. Not only does it lay down all the groundwork it also can use ipset which is way better maintenance and performance-wise. Also use the mangle for bit buckets. Save the filter table for stuff that matters.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
set command kspgreenhorn Linux - Newbie 2 08-05-2013 04:20 AM
Command "mail" returns "panic: temporary file seek" kenneho Linux - Software 5 12-23-2008 04:27 AM
command to temporary change current shell. hocheetiong Linux - Newbie 1 04-24-2008 02:07 PM
Temporary Disable History Command leebrent Linux - Security 1 02-11-2008 09:54 PM
set command consty Programming 7 02-23-2007 03:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration