Iptables block ip address – Security Shell Script

in Firewall last updated December 20, 2008

Create /root/iptables/blocked.ips file as follows with list of ips and subnets to block entering your dedicated server:

192.168.1.0/24
202.54.1.2
# spam
202.5.1.2

192.168.1.0/24

202.54.1.2

# spam

202.5.1.2

Call following script from your existing shell script:

#!/bin/bash
# Simple iptables IP/subnet block script 
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
IPT=/sbin/iptables
SPAMLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"
BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)

# create a new iptables list
$IPT -N $SPAMLIST

for ipblock in $BADIPS
do
   $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
   $IPT -A $SPAMLIST -s $ipblock -j DROP
done

$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST

#!/bin/bash

# Simple iptables IP/subnet block script

# -------------------------------------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# ----------------------------------------------------------------------

IPT=/sbin/iptables

SPAMLIST="spamlist"

SPAMDROPMSG="SPAM LIST DROP"

BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)

# create a new iptables list

$IPT -N $SPAMLIST

for ipblock in $BADIPS

$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"

$IPT -A $SPAMLIST -s $ipblock -j DROP

done

$IPT -I INPUT -j $SPAMLIST

$IPT -I OUTPUT -j $SPAMLIST

$IPT -I FORWARD -j $SPAMLIST

9 comment

Erik says:
January 16, 2012 at 10:53 pm
i have a ip that i want to block 78.47.53.243 in my dreambox ???
please..
gamecp says:
March 30, 2011 at 2:58 pm
great script!
dodger says:
July 5, 2010 at 12:34 pm
thanks for this script..
btw i have some error with “BADIPS=$(egrep -v -E “^#|^$” /root/iptables/blocked.ips)”
with -E swich… i change it to -e and its work fine
in egrep –help no -E option
ubuntu 10.04
peace says:
February 23, 2010 at 8:51 pm
hi i new to iptables where exactly should i write this script any help
please
thanks for any help appreciated.
Andre says:
October 28, 2009 at 6:53 pm
i wanna allow just this ip [10.0.0.100 – 10.0.0.112, 10.0.0.2, 10.0.0.3] and block other ip how is the configuration.
please send to my email : nseshop@gmail.com
thanks very much
parbat says:
June 24, 2009 at 1:05 pm
hi
everybody now will come big platform
Charon says:
June 19, 2009 at 12:45 pm
I think rule
$IPT -I OUTPUT -j $SPAMLIST
is incorrect. Because in this case $ipblock is destination (-d), not source (-s)
Igor says:
May 29, 2009 at 12:55 am
How can I remove ip’s from blocked
1. Ghulam Sakhi says:
  June 29, 2011 at 10:49 am
  Dear Reader.
  you can remove IP from block by this short command
  #iptables -D input -s 172.20.7.12 IP ADDRESS -j DROP
  172.20.7.12 is an example you can remove any IP that you want just type instate

Have a question? Post it on our forum!

Share this on:

9 comment