Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-21-2014, 05:04 AM   #1
Registered: Oct 2013
Posts: 524

Rep: Reputation: Disabled
How to set temporary IP ban in one command


i want to deny an IP using iptables for 15 minutes.

This must be one line command, because i want to use it in mod_deflate in this variable:
DOSSystemCommand “.....”
Someone used:
DOSSystemCommand “sudo /sbin/iptables -A INPUT -s %s -j DROP”
but i assume this is permanent ban untill server reboot which is too longterm ban i think, i need 15 minute ban in one command?
Old 04-21-2014, 06:04 AM   #2
Registered: Jan 2014
Distribution: CentOS, Fedora, Ubuntu
Posts: 108

Rep: Reputation: 18
This article is great for your requirements link

1 members found this post helpful.
Old 04-22-2014, 04:08 AM   #3
Registered: Dec 2013
Location: Turin, Italy
Distribution: slackware
Posts: 328

Rep: Reputation: 74
if you can't/don't want compile code or have problems with installation of mod_evasive, another option is Fail2Ban, you can manually ban an ip for a pre-configured time (you can have more than one time, or JAILs in fail2ban docs).
Old 04-22-2014, 01:55 PM   #4
Registered: Oct 2013
Posts: 524

Original Poster
Rep: Reputation: Disabled

Originally Posted by myatthu View Post
This article is great for your requirements link
thx, i would like to do it in one commend without creating extra bash script, what about this?

DOSSystemCommand ôsudo /sbin/iptables -A INPUT -s %s -j DROP;echo \"iptables -D INPUT -s %s -j DROP\" | at now + 2 hours"
Old 04-22-2014, 02:57 PM   #5
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596
I second gengisdave's suggestion for fail2ban. Not only does it lay down all the groundwork it also can use ipset which is way better maintenance and performance-wise. Also use the mangle for bit buckets. Save the filter table for stuff that matters.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
set command kspgreenhorn Linux - Newbie 2 08-05-2013 03:20 AM
Command "mail" returns "panic: temporary file seek" kenneho Linux - Software 5 12-23-2008 03:27 AM
command to temporary change current shell. hocheetiong Linux - Newbie 1 04-24-2008 01:07 PM
Temporary Disable History Command leebrent Linux - Security 1 02-11-2008 08:54 PM
set command consty Programming 7 02-23-2007 02:55 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:02 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration