Iptables block ip address – Security Shell Script

by Vivek Gite on December 20, 2008 · 9 comments · [ vivek@nixcraft.com ]

Create /root/iptables/blocked.ips file as follows with list of ips and subnets to block entering your dedicated server:

192.168.1.0/24
202.54.1.2
# spam
202.5.1.2

Call following script from your existing shell script:

#!/bin/bash
# Simple iptables IP/subnet block script
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
IPT=/sbin/iptables
SPAMLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"
BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)
 
# create a new iptables list
$IPT -N $SPAMLIST
 
for ipblock in $BADIPS
do
   $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
   $IPT -A $SPAMLIST -s $ipblock -j DROP
done
 
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST
4000+ howtos and counting! If you enjoyed this article, join 45000+ others and get free email updates!

Igor May 29, 2009

How can I remove ip’s from blocked

Reply

Ghulam Sakhi June 29, 2011

Dear Reader.
you can remove IP from block by this short command
#iptables -D input -s 172.20.7.12 IP ADDRESS -j DROP
172.20.7.12 is an example you can remove any IP that you want just type instate

Reply

Charon June 19, 2009

I think rule
$IPT -I OUTPUT -j $SPAMLIST
is incorrect. Because in this case $ipblock is destination (-d), not source (-s)

Reply

parbat June 24, 2009

hi

everybody now will come big platform

Reply

Andre October 28, 2009

i wanna allow just this ip [10.0.0.100 - 10.0.0.112, 10.0.0.2, 10.0.0.3] and block other ip how is the configuration.
please send to my email : nseshop@gmail.com

thanks very much

Reply

peace February 23, 2010

hi i new to iptables where exactly should i write this script any help
please
thanks for any help appreciated.

Reply

dodger July 5, 2010

thanks for this script..
btw i have some error with “BADIPS=$(egrep -v -E “^#|^$” /root/iptables/blocked.ips)”
with -E swich… i change it to -e and its work fine
in egrep –help no -E option

ubuntu 10.04

Reply

gamecp March 30, 2011

great script!

Reply

Erik January 16, 2012

i have a ip that i want to block 78.47.53.243 in my dreambox ???

please..

Reply

Leave a Comment

You can use these HTML tags and attributes for UNIX commands or shell scripts: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 7 + 11 ?
Please leave these two fields as-is:
Are you a human being? Solve the simple math so we know that you are a human and not a script.



Tagged as: , , , , , , , ,