Iptables block ip address – Security Shell Script

Create the file /root/iptables/blocked.ips as follows, listing the IP addresses and subnets that must not reach your dedicated server (one entry per line; lines starting with # are comments):

192.168.1.0/24
202.54.1.2
# spam
202.5.1.2

Call the following script from your existing firewall shell script:

#!/bin/bash
# Simple iptables IP/subnet block script
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
IPT=/sbin/iptables
SPAMLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"
# read the block list, skipping comment lines (#) and blank lines
BADIPS=$(grep -v -E "^#|^$" /root/iptables/blocked.ips)

# create a new iptables chain, or flush it if it already exists so that
# running the script again does not append duplicate rules
$IPT -N $SPAMLIST 2>/dev/null || $IPT -F $SPAMLIST

for ipblock in $BADIPS
do
   # traffic coming from the blocked address (matches in INPUT and FORWARD)
   $IPT -A $SPAMLIST -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
   $IPT -A $SPAMLIST -s "$ipblock" -j DROP
   # traffic going to the blocked address (matches in OUTPUT and FORWARD);
   # without a -d match the chain would never match anything in OUTPUT
   $IPT -A $SPAMLIST -d "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
   $IPT -A $SPAMLIST -d "$ipblock" -j DROP
done

# jump to the chain from the built-in chains, inserting each jump only once
# (-C checks whether the rule is already present)
for chain in INPUT OUTPUT FORWARD
do
   $IPT -C $chain -j $SPAMLIST 2>/dev/null || $IPT -I $chain -j $SPAMLIST
done
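The loop above hands every non-comment line of blocked.ips straight to iptables. A typo, a trailing inline comment such as "202.5.1.2 # spam", or a stray token makes iptables reject that rule while the rest load, so the list ends up silently incomplete. The following script is an added example, not code from the article or from nixCraft: it validates each entry as an IPv4 address or CIDR block first, refuses to produce any rules if one entry is malformed, and prints the chain in iptables-restore syntax so the whole list can be reviewed and loaded as one unit. The file name, chain name and log prefix match the article; the function names and the sample list are this example's own.

```shell
#!/bin/bash
# Added example (not part of the nixCraft script): validate block-list entries
# before they reach iptables and emit the chain in iptables-restore syntax.

SPAMLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"

# trim STRING: print STRING without leading and trailing blanks or tabs.
trim() {
    local s=$1
    s=${s#"${s%%[![:blank:]]*}"}
    s=${s%"${s##*[![:blank:]]}"}
    printf '%s' "$s"
}

# valid_ipv4_cidr ADDR: succeed only for a dotted-quad IPv4 address (each
# octet 0-255) with an optional /0 to /32 prefix length; anything else,
# including an inline comment that was not stripped, fails.
valid_ipv4_cidr() {
    local addr=$1 prefix='' o n=0 IFS=.
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    for o in $addr; do
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# parse_blocklist FILE: print the validated entries one per line, with
# full-line and trailing "# ..." comments and surrounding blanks removed.
# Returns 1 if any entry was malformed (the offending line goes to stderr),
# so the caller can refuse to load a list that would be silently incomplete.
parse_blocklist() {
    local line entry bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(trim "${line%%#*}")
        [ -z "$entry" ] && continue
        if valid_ipv4_cidr "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'rejected malformed entry: %s\n' "$line" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# gen_rules < ENTRIES: print the chain in iptables-restore syntax. Packets
# from a listed address (-s, matches in INPUT/FORWARD) and to it (-d, matches
# in OUTPUT/FORWARD) are logged and dropped.
gen_rules() {
    local ip
    printf '*filter\n:%s - [0:0]\n' "$SPAMLIST"
    while read -r ip; do
        [ -n "$ip" ] || continue
        printf -- '-A %s -s %s -j LOG --log-prefix "%s "\n' "$SPAMLIST" "$ip" "$SPAMDROPMSG"
        printf -- '-A %s -s %s -j DROP\n' "$SPAMLIST" "$ip"
        printf -- '-A %s -d %s -j LOG --log-prefix "%s "\n' "$SPAMLIST" "$ip" "$SPAMDROPMSG"
        printf -- '-A %s -d %s -j DROP\n' "$SPAMLIST" "$ip"
    done
    printf 'COMMIT\n'
}

# main FILE: validate FILE and print the rules; print nothing and fail if any
# entry was rejected. Load the output with: iptables-restore --noflush < rules
main() {
    local entries
    entries=$(parse_blocklist "$1") || {
        echo "$1: malformed entries found, no rules generated" >&2
        return 1
    }
    printf '%s\n' "$entries" | gen_rules
}

# Constructed sample list, used when no file is given on the command line
# (the real list would be /root/iptables/blocked.ips).
sample_blocklist() {
    cat <<'EOF'
192.168.1.0/24
202.54.1.2   # trailing comments are stripped
# spam
202.5.1.2
EOF
}

if [ -n "${1:-}" ]; then
    main "$1"
else
    tmp=$(mktemp) && sample_blocklist > "$tmp" && main "$tmp"; rm -f "$tmp"
fi
```

Feeding the output to `iptables-restore --noflush` flushes only the spamlist chain declared in the file and leaves the rest of the filter table alone, so removing an address is a matter of deleting its line and reloading; the three jump rules from the article's script (`-I INPUT`, `-I OUTPUT`, `-I FORWARD`) are still inserted once, separately, as that script does.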
9 comments
  • Erik Jan 16, 2012 @ 22:53

    I have an IP that I want to block, 78.47.53.243, in my dreambox ???

    please..

  • gamecp Mar 30, 2011 @ 14:58

    great script!

  • dodger Jul 5, 2010 @ 12:34

    thanks for this script..
    btw I have some error with "BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)"
    with the -E switch… I changed it to -e and it works fine
    in egrep --help there is no -E option

    ubuntu 10.04

  • peace Feb 23, 2010 @ 20:51

    hi, I am new to iptables; where exactly should I write this script? any help
    please
    thanks, any help appreciated.

  • Andre Oct 28, 2009 @ 18:53

    I want to allow just these IPs [10.0.0.100 - 10.0.0.112, 10.0.0.2, 10.0.0.3] and block all other IPs; how is the configuration?
    please send to my email: nseshop@gmail.com

    thanks very much

  • parbat Jun 24, 2009 @ 13:05

    hi

    everybody now will come big platform

  • Charon Jun 19, 2009 @ 12:45

    I think the rule
    $IPT -I OUTPUT -j $SPAMLIST
    is incorrect, because in this case $ipblock is the destination (-d), not the source (-s).

  • Igor May 29, 2009 @ 0:55

    How can I remove IPs from blocked?

    • Ghulam Sakhi Jun 29, 2011 @ 10:49

      Dear Reader,
      you can remove an IP from the block list with this short command:
      # iptables -D INPUT -s 172.20.7.12 -j DROP
      172.20.7.12 is an example; you can remove any IP that you want, just type it instead.
