I’ve been sharpening my iptables skills lately. I adapted several methods I found for blacklisting IP addresses to meet my needs. I started off by creating a new chain called BLACKLIST:
root@machine:~# iptables -N BLACKLIST
and sent all incoming traffic through the BLACKLIST chain:
root@machine:~# iptables -A INPUT -j BLACKLIST
Obviously that rule needs to be near the top of the INPUT chain (ideally the very first rule), since rules are matched in order and an earlier ACCEPT would let the traffic through before it ever reaches the BLACKLIST chain; otherwise you won’t really be blacklisting anything, will you? If there are existing rules on the INPUT chain, insert it at position 1 instead:
root@machine:~# iptables -I INPUT 1 -j BLACKLIST
To ease the blacklisting of IP addresses, I adapted (and fixed bugs in) a shell script found on the web:
#!/bin/bash
# Usage: blacklist_ip.sh <ip-address>; must run as root.
set -eu
IP="$1"
echo "Blacklisting $IP."
# Log matching packets, then drop them (quote $IP so odd input can't split into extra arguments).
iptables -A BLACKLIST --src "$IP" -j LOG --log-prefix \
    "Traffic from blacklisted IP: "
iptables -A BLACKLIST --src "$IP" -j DROP
# Keep an audit trail of what was blacklisted and when.
echo "$(date): $IP" >> /var/log/blacklisted_ips
Put that script in your path, name it something meaningful, e.g. blacklist_ip.sh, and blacklist away:
root@machine:~# blacklist_ip.sh 457.612.991.843
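Pulling the three steps above into one script, as an added example that is not the post's own: it validates the address before touching the firewall, creates the chain and the INPUT jump only when they are missing, and refuses to add a second rule for an address that is already blacklisted. It assumes iptables is on PATH and the script runs as root; the IPTABLES and LOGFILE variables are my own additions so the iptables binary and log path can be overridden.

```bash
#!/bin/bash
# Added example, not the post's script: idempotent blacklisting with input checks.
# Assumes iptables on PATH and root privileges; IPTABLES/LOGFILE are overridable here.
set -eu
IPTABLES="${IPTABLES:-iptables}"
CHAIN="BLACKLIST"
LOGFILE="${LOGFILE:-/var/log/blacklisted_ips}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    local ip="$1" octet
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    local IFS=.
    set -- $ip                      # split on dots into the positional parameters
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Create the chain and the INPUT jump only if they are missing (safe to rerun).
ensure_chain() {
    "$IPTABLES" -n -L "$CHAIN" >/dev/null 2>&1 || "$IPTABLES" -N "$CHAIN"
    "$IPTABLES" -C INPUT -j "$CHAIN" 2>/dev/null || "$IPTABLES" -I INPUT 1 -j "$CHAIN"
}

# Add LOG + DROP rules for one address. Returns 0 when added, 1 on bad input,
# 2 when a DROP rule for that address is already present (no duplicate rules).
blacklist_ip() {
    local ip="$1"
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    if "$IPTABLES" -C "$CHAIN" -s "$ip" -j DROP 2>/dev/null; then
        echo "$ip is already blacklisted"
        return 2
    fi
    "$IPTABLES" -A "$CHAIN" -s "$ip" -j LOG --log-prefix "Traffic from blacklisted IP: "
    "$IPTABLES" -A "$CHAIN" -s "$ip" -j DROP
    printf '%s: %s\n' "$(date)" "$ip" >> "$LOGFILE"
}

# Usage: blacklist_ip.sh <ipv4>; with no argument only the functions are defined.
if [ "$#" -gt 0 ]; then
    ensure_chain
    blacklist_ip "$1"
fi
```

Note that the sample address used above, 457.612.991.843, is rejected by the validator because its octets exceed 255, which is exactly the kind of typo the check is there to catch before a rule with a bad source goes into the firewall.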
For more on iptables in Ubuntu, visit this page https://help.ubuntu.com/community/IptablesHowTo