Iptables block ip address – Security Shell Script

by Vivek Gite on December 20, 2008

Create /root/iptables/blocked.ips file as follows with list of ips and subnets to block entering your dedicated server:

192.168.1.0/24
202.54.1.2
# spam
202.5.1.2

192.168.1.0/24

202.54.1.2

# spam

202.5.1.2

Call following script from your existing shell script:

#!/bin/bash
# Simple iptables IP/subnet block script
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
IPT=/sbin/iptables
SPAMLIST="spamlist"
SPAMDROPMSG="SPAM LIST DROP"
BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)
# create a new iptables list
$IPT -N $SPAMLIST
for ipblock in $BADIPS
do
   $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
   $IPT -A $SPAMLIST -s $ipblock -j DROP
done
$IPT -I INPUT -j $SPAMLIST
$IPT -I OUTPUT -j $SPAMLIST
$IPT -I FORWARD -j $SPAMLIST

#!/bin/bash

# Simple iptables IP/subnet block script

# -------------------------------------------------------------------------

# This script is licensed under GNU GPL version 2.0 or above

# -------------------------------------------------------------------------

# This script is part of nixCraft shell script collection (NSSC)

# Visit http://bash.cyberciti.biz/ for more information.

# ----------------------------------------------------------------------

IPT=/sbin/iptables

SPAMLIST="spamlist"

SPAMDROPMSG="SPAM LIST DROP"

BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)

# create a new iptables list

$IPT -N $SPAMLIST

for ipblock in $BADIPS

$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"

$IPT -A $SPAMLIST -s $ipblock -j DROP

done

$IPT -I INPUT -j $SPAMLIST

$IPT -I OUTPUT -j $SPAMLIST

$IPT -I FORWARD -j $SPAMLIST

Tagged as: egrep command, firewall iptables, grep command, iptables, iptables command, linux firewall, script to block IP address, security shell, shell script

{ 9 comments… add one }

Erik January 16, 2012, 10:53 pm
i have a ip that i want to block 78.47.53.243 in my dreambox ???
please..
Reply Link
gamecp March 30, 2011, 2:58 pm
great script!
Reply Link
dodger July 5, 2010, 12:34 pm
thanks for this script..
btw i have some error with “BADIPS=$(egrep -v -E “^#|^$” /root/iptables/blocked.ips)”
with -E swich… i change it to -e and its work fine
in egrep –help no -E option
ubuntu 10.04
Reply Link
peace February 23, 2010, 8:51 pm
hi i new to iptables where exactly should i write this script any help
please
thanks for any help appreciated.
Reply Link
Andre October 28, 2009, 6:53 pm
i wanna allow just this ip [10.0.0.100 – 10.0.0.112, 10.0.0.2, 10.0.0.3] and block other ip how is the configuration.
please send to my email : nseshop@gmail.com
thanks very much
Reply Link
parbat June 24, 2009, 1:05 pm
hi
everybody now will come big platform
Reply Link
Charon June 19, 2009, 12:45 pm
I think rule
$IPT -I OUTPUT -j $SPAMLIST
is incorrect. Because in this case $ipblock is destination (-d), not source (-s)
Reply Link
Igor May 29, 2009, 12:55 am
How can I remove ip’s from blocked
Reply Link
- Ghulam Sakhi June 29, 2011, 10:49 am
  Dear Reader.
  you can remove IP from block by this short command
  #iptables -D input -s 172.20.7.12 IP ADDRESS -j DROP
  172.20.7.12 is an example you can remove any IP that you want just type instate
  Reply Link

Next Script: Shell Script Beep Media Player Display Currently Playing MP3 File

Previous Script: MySQL Drop All Tables Shell Script Utility