How would you script the temporary IP banning on Linux?
PM was obviously sent to prevent wasting the time of others (like you and others in this topic like to do), and it is my choice that I do not want to use f2b. Not sure why you kids do not understand, but I do not care why; I just hope you stop wasting the time of all the people with your unsolicited content instead of replying strictly on-topic or keeping silent.
Similar to messages I received in the past as well, pan64; my favorite was:
Quote:
Originally Posted by postcd
I'm not looking to waste hours of time reading some technical data to get an answer to my question.
postcd: you asked for advice and 'better' ways to do what you want. You received that advice, here and seven years ago when you first asked this question. You have been using iptables and ipset for at least seven years at this point as well, so you should know why that rule isn't disappearing at the time you wanted, and how to make that happen. Situations like yours are EXACTLY why fail2ban was created and is used.
Don't want to use it? Fine...then by all means, write your own scripts/programs to do whatever you want using whatever methods you want. But complaining about the answers you get when you ask a question won't get you closer to meeting your goals. Either use what was suggested or write your own solution...choose one.
So any idea about the method using just iptables (it would be good if someone addressed the commands I have mentioned in the first post)?
I think that the ipset method I have described in the first post is working.
#1 If you have something that works, why did you post the question?
#2 Why will you never explain what there is about the situation that precludes any of the better suggestions or solutions?
#3 How do you expect pertinent answers if you cannot explain the basis for the question?
You would have us shooting at catfish, in the dark, at night, in a rainstorm. This is generally not productive.
The title of the thread starts "How would you..." The answer is obviously "Not like that!", since there are easier and better ways.
Offtopic you have requested:
Share it or ask additional questions; I am ignoring a certain unscrupulous troll in this thread, so I may have missed some questions. For the third time, kids, f2b won't be used ATM and I do not need to explain why. Instead of writing stories that do not help anyone, come with a different solution, ask an additional question to shed more light on this, or close the web browser tab. Also, you guys should learn to use PMs so you do not waste the time of the readers of this forum (hobby of some entities here).
We did share the better ways (fail2ban), and did ask questions (which you don't bother answering). If you won't answer questions what do you expect?
Fail2ban is pretty much the 'standard' for doing exactly this, yet you can't use it for some unspecified reason.
You appear to be able to use OTHER tools (nftables)
You won't tell us why you can or can't load certain things.
You won't take the advice of writing a script to do this
You don't appear to understand why iptables isn't removing that rule
You had an ipset idea, yet never posted back about it, and claim that it is working, so why continue to post?
The subject line here is "How would you script...", yet we haven't yet seen your script; do you expect us to write it? If not, where is your script?
You have spent more time complaining than participating in the conversation, and you certainly don't need to post in this thread that you're sending someone a PM. The only person who appears to be wasting time in this thread and on this forum is you, honestly.
You were told to use fail2ban seven years ago and that hasn't changed now. You're insulting people here who are trying to answer your question ("kids", "unscrupulous troll", "waste the time", etc.). That you've been asking questions about iptables, ipset, and scripting for those past seven years means you should have all the knowledge you need to accomplish your task, so why can't you come up with a solution on your own, rather than doing nothing but criticizing others?
Ok, so back to the original topic. How can we help you?
Quote:
Originally Posted by postcd
How would you script the temporary IP banning on Linux?
I would propose this answer:
See how fail2ban does it and reproduce that functionality in a language of your choice.
Because otherwise (as OP seems to pose: without suggesting existing solutions), answering this question really means giving OP a step-by-step guide to writing their own, helping them troubleshoot it, or even writing it for them from scratch.
Identifying Help Vampires can be tricky, because they look like any ordinary person (or internet user, whichever is lesser). But by closely observing an individual’s behavior using this handy checklist, you too can identify Help Vampires in the field:
Does he ask the same, tired questions others ask (at a rate of once or more per minute)?
Does he clearly lack the ability or inclination to ask the almighty Google?
Does he refuse to take the time to ask coherent, specific questions?
Does he think helping him must be the high point of your day?
Does he get offensive, as if you need to prove to him why he should use Ruby on Rails?
Is he obviously just waiting for some poor, well-intentioned person to do all his thinking for him?
Can you tell he really isn’t interested in having his question answered, so much as getting someone else to do his work?
Another key indicator for Help Vampires is the clearly stated but “impossible” question. These questions look reasonable on the surface, but in fact they are impossible to answer for a number of reasons.
PS:
OK, OP has added a "solution" to their first post, which they found "without our help". Whether that is an actual solution I cannot say. Or why they haven't taken the additional 2s to mark this thread SOLVED.
Anyhow, this clearly indicates that OP is "done with us" - for now.
Maybe they just needed a reminder that their intelligence is still far superior to ours.
Here's their updated OP:
Quote:
Originally Posted by postcd
If I want to iptables v1.8.7 ban an external IP on INPUT to my Linux for 24 hours from now, how to do it?
It seems to be showing timezone. I can do: "$ date --iso-8601=minutes|head -c 16"
After wasting some more time, my idea on command is:
(hours can be replaced by minutes etc.)
It bans the IP. The iptables -S output:
But after the time expires, the entry remains in iptables and I think that it prevents connections even after the defined time, because after I removed the rule (by replacing -I by -D), a connection from that IP appeared.
UPDATE/SOLUTIONS:
A) try following command instead:
sudo iptables -I INPUT -s 1.2.3.4 -m time --datestop "$(date --date='+24 hours' --utc '+%FT%R')" -j DROP
B) use ipset instead of iptables:
Install "ipset" package
sudo ipset create badips iphash maxelem 1000111222 timeout 0
sudo ipset add badips 1.2.3.4 timeout 86400
iptables -I INPUT -m set --match-set badips src -j DROP
save iptables (various distros, various command - yes stupid) maybe: iptables-save > /etc/sysconfig/iptables;service iptables save
(not tried yet)
How would you iptables block the IP for 24hrs. better?
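The ipset approach from option B above, written out as a script. This is an added example, not code posted by anyone in the thread; the file name `tempban.sh` and the variables `SET_NAME`, `BAN_SECONDS` and `DRY_RUN` are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: temporary IPv4 ban through an ipset entry with a timeout.
# SET_NAME, BAN_SECONDS and DRY_RUN are names assumed for this sketch.
SET_NAME="${SET_NAME:-badips}"
BAN_SECONDS="${BAN_SECONDS:-86400}"   # 24 hours, as in the thread
DRY_RUN="${DRY_RUN:-0}"               # 1 = print the commands, change nothing

# Accept only a dotted quad with octets 0-255, so text pulled from a log
# line can never reach ipset as an option or any other unexpected argument.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                          # split on dots (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create the set and the single DROP rule once; safe to call repeatedly.
ensure_ban_set() {
    run ipset -exist create "$SET_NAME" hash:ip timeout 0
    # iptables -C tests for the rule, so repeated runs do not stack copies.
    if [ "$DRY_RUN" = 1 ] ||
       ! iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null
    then
        run iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
    fi
}

# Ban one address; -exist refreshes the timeout of an address already listed.
ban_ip() {
    ip="$1"; secs="${2:-$BAN_SECONDS}"
    valid_ipv4 "$ip" || { echo "rejecting address: $ip" >&2; return 2; }
    case "$secs" in ''|*[!0-9]*) echo "bad timeout: $secs" >&2; return 2 ;; esac
    ensure_ban_set
    run ipset -exist add "$SET_NAME" "$ip" timeout "$secs"
}

# Runs only when given arguments: ./tempban.sh 1.2.3.4 [seconds]
if [ "$#" -gt 0 ]; then ban_ip "$@"; fi
```

`iptables-save` records the `--match-set` rule but not the set or its entries; those are handled by `ipset save` and `ipset restore`, and the set has to exist before a rule that references it can be restored.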
Offtopic:
@ondoho yes, my ipset solution worked, so far possibly the best solution for me and I can recommend it. Please do not waste this forum's database space with long off-topic posts. Also a lot of duplicity is in your post. I also do not understand why you guys are wasting a lot of vertical space by having 8 text lines in your signature. (I would send this over PM, but see no possibility, maybe intentional), but sorry for the OT you have again initiated.
No, sorry...you are the only one continuing to post off-topic. The amount of space in the database and the amount of lines in a posting signature is absolutely NOTHING you need to be concerned with, since this isn't your forum.
And if your ipset 'solution' is working, then why did you continue to post asking for ways to accomplish what you already did?? If you've solved your problem, then there's no reason to post here is there?? And most people will probably use fail2ban since it was designed and written to do EXACTLY what you wanted to do, with very little effort.