8

How can I bulk add a text file full of IP blocks to IPTables using BASH (or another scripting language)? Or is there some other way of blocking these address ranges?

EDIT: In other words is there a way to program something to iterate through the file and build the relevant entries?

George Stocker
  • Are you set on using Webmin to manage the firewall? If not, then there are several options to doing what you're trying to do. Not knowing more about the actual problem (e.g. are the http requests invalid to begin with), it's hard to give an accurate answer. You might want to look at OSSEC, for example, to block spammy requests. – Ketola Jun 19 '14 at 06:25
  • 1
    https://kirkkosinski.com/2013/11/mass-blocking-evil-ip-addresses-iptables-ip-sets/ Try this. Might be helpful – Rajarshi Goswami Jun 19 '14 at 06:47
  • I've been using Webmin to add entries to the IPtables blocklist (a chain of deny ranges). I could manually enter all that data but it seems to me that there must be an easier way. – Matthew Brown aka Lord Matt Jun 23 '14 at 00:23
  • 2
    [fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page) is the de-facto standard tool for stuff like this. – tcooc Aug 21 '14 at 17:42
  • 4
    @Matthew - George's edits were perfect. Succinctly state what you are trying to do and what is going wrong. If you have code, then present what you have tried. Don't ramble about irrelevant fodder. Many folks don't read the ramblings, and they will move to close. Personally, I use *Unclear what you are asking* when faced with a rambling post. – jww Aug 21 '14 at 20:46
  • See also http://stackoverflow.com/questions/109553/how-can-i-programmatically-manage-iptables-rules-on-the-fly – tripleee Aug 22 '14 at 08:10

3 Answers

14

Could you just create a loop within your iptables config script? Something like

```bash
#!/bin/bash
# Read one address (or CIDR block) per line and drop all traffic from it.
while read -r x
do
    iptables -A INPUT -s "$x" -j DROP
done < ip_list.txt
```

Where your ip_list.txt file would just look like

```
1.1.1.1
2.2.2.2
3.3.3.3
etc
```
Joshua Terrill
  • Are we talking actually in "/etc/sysconfig/iptables-config"? I take it then that I can do that without breaking anything? – Matthew Brown aka Lord Matt Jun 08 '14 at 04:04
  • 1
    No, typically when manipulating your IPTables rules, everything is configured in a bash script and then to apply the rules, you execute the script. This allows you to do any typical bash scripting voodoo to help you with your rules. Look at section 3 on this page for an example: http://wiki.centos.org/HowTos/Network/IPTables – Safado Jun 19 '14 at 15:24
  • 1
    More like `sed 's/.*/iptables -A INPUT -s & -j DROP/' | sh` to avoid the Useless Use of Cat and the unquoted variable. – tripleee Aug 22 '14 at 07:54
  • You should probably use option -w as well, particularly if more than one script is fiddling with the tables. – Chrissi Dec 03 '18 at 12:07
5

You can parse the IP list and check whether each IP address is already blocked or not:

```bash
#!/bin/bash
# Add a DROP rule for every address in the list, skipping any that already has one.
while read -r i
do
    # -C exits 0 when an identical rule already exists. Grepping the -L output
    # for the bare address would also match longer addresses that contain it.
    if ! /sbin/iptables -C INPUT -s "${i}" -j DROP 2>/dev/null; then
        /sbin/iptables -A INPUT -s "${i}" -j DROP
    fi
done < iptables.log
```
JuZer
0

An excessive number of requests and high bandwidth use might be caused by bots from search engines trying to crawl your site, and also by sites like Facebook or LinkedIn creating thumbnails when someone links to your site from social media.

For stopping bots you should use the robots.txt file on your site. Read more about the file and configuring it at robotstxt.org. I think there are also several posts about it on Stack Overflow.

Leo
  • The bots I have not got a problem with. The server can handle a bit of Google; I'm talking about ranges with 20 to 30 active connections each, from ranges belonging to known safe harbours for abusive types. At the per-site level it's robots.txt for the well-behaved scripts and Bad Behaviour for the rest. Some IP ranges from hosting companies are still using more than their fair share of my CPU with far too many connections. Short of just blocking all of America and China, I would simply like to block the very big list of IP ranges that belong to hosting companies that have no business poking my server. – Matthew Brown aka Lord Matt Jun 23 '14 at 00:30