My Blog

contains PHP and other web related content. (Sometimes there are some off topic things - don't freak out!)

Block and Allow IP with iptables – simple script

As most developers are lazy, I’m a huge fan of scripts. I’ve found myself lately having to add entries to iptables to block a single IP or a small subnet, so I made a quick script to make the job easier on myself.

Usage for both of these is of course really simple. Say 123.1.2.3 is the IP in question:

sudo ./blockip.sh 123.1.2.3
sudo ./allowip.sh 123.1.2.3

blockip.sh
Blocks the IP using iptables

?View Code BASH
1
2
3
4
5
6
7

#!/bin/bash
 
#blocking iptables
/sbin/iptables -A INPUT -s $1 -j DROP
 
#saving iptables
/sbin/iptables-save > /etc/sysconfig/iptables

allowip.sh
Removes the entry from iptables

?View Code BASH
1
2
3
4
5
6
7

#!/bin/bash
 
#allowing iptables
/sbin/iptables -D INPUT -s $1 -j DROP
 
#saving iptables
/sbin/iptables-save > /etc/sysconfig/iptables

Tags: ,

«
»

This entry was posted on Wednesday, November 25th, 2009 at 2:04 pm and is filed under linux, scripting. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Block and Allow IP with iptables – simple script”

  1. defunkt says:
    January 31, 2010 at 12:59 pm

    now… to be even more lazy…

    how bout a cron script that checks the amount of connections per host, and if above thresh-hold X will call your blockip.sh.

    dynamic firewall for certain types of attacks.. im actually looking at writing one, just havnt been successfull as of yet.

    netstat -atun | awk ‘{print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ |sort | uniq -c | sort -n -r

    any hints?

Leave a Reply

  • twitter loader

Follow me on twitter: @aaronsaray

The views on this website are my own and do not reflect the opinions of my employer or clients.
Creative Commons License Home | Open Source | Book | Music | Art | Bio | Resume | Contact
My Baby