Find the answer to your Linux question:
Results 1 to 3 of 3
First, here's my script in the making: Code: #!/bin/bash WHITELIST=good_ips.txt BLACKLIST=bad_ips.txt ALLOWED="22 80 3306" # Ports used: # 22 - SSH # 80 - HTTP # 3306 - MySQL # ...
  1. 12-16-2008 #1
    JVincent08
    JVincent08 is offline
    Just Joined!
    Join Date
    Feb 2008
    Posts
    72

    Writing an IP Tables script to read from a blacklist text file

    First, here's my script in the making:
    Code:
    #!/bin/bash

WHITELIST=good_ips.txt
BLACKLIST=bad_ips.txt
ALLOWED="22 80 3306"

# Ports used: 
# 22 - SSH    
# 80 - HTTP       
# 3306 - MySQL

# Drop all existing rules
iptables -F



# Allow ALL traffic from hosts in $WHITELIST
for x in `cat $WHITELIST`; do 
echo "Permitting $x..."
iptables -A INPUT -t filter -s $x -j ACCEPT
done

# Block all traffic from IP ranges in $BLACKLIST
for x in `cat $BLACKLIST`; do 
echo "Blocking $x..."
iptables -A INPUT -m iprange --src-range $x -j DROP
done

# Allow specific ports in $ALLOWED for trusted hosts
for port in $ALLOWED; do 
echo "Accepting port $port..."
iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done
    bad_ips.txt contains a list of IP ranges in X.X.X.X-Y.Y.Y.Y format, with each range on its own line. When I run the script, it appears as though iptables is only recognizing the second IP number in each range (which shouldn't produce an error anyway), even though both numbers are stored together in the same variable:
    Code:
    root@host:~# sh iptables_init 
Permitting 127.0.0.1...
...cking 3.0.0.0-3.255.255.255
'ptables v1.4.0: iprange match: Bad IP address `3.255.255.255

Try `iptables -h' or 'iptables --help' for more information.
...cking 4.0.25.146-4.0.25.148
'ptables v1.4.0: iprange match: Bad IP address `4.0.25.148
    And so on for each range. Also notice the odd formatting of the output (not a huge deal, but strange). Executing these commands manually works just fine, with no errors.

    I've looked through my code over and over again, and I can't see where I went wrong. Any help?

    Edit: Turns out adding a space after each line in the file solved the problem. A simple sed command did the trick:
    Code:
    sed -i 's/\r/ /g' bad_ips.txt
    to replace each carriage return with a space.
    Reply With Quote Reply With Quote
  2. 12-27-2008 #2
    WoodsyDotOrg
    WoodsyDotOrg is offline
    Just Joined!
    Join Date
    Dec 2008
    Location
    Canberra, Australia
    Posts
    8
    Methinks a DOS vs UNIX - LF/CR text issue.

    Let me guess, you edited the files in notepad at some stage? :]
    Reply With Quote Reply With Quote
  3. 01-08-2009 #3
    jasenux
    jasenux is offline
    Just Joined!
    Join Date
    Jan 2009
    Posts
    3
    if u have used windows/dos to edit the file, try

    Code:
    dos2unix bad_ips.txt
    that should fix it. have fun.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...