07-13-2007, #1 (Just Joined!; Join Date: Nov 2006; Posts: 57)
Issue with iptables
I have a list of IPs that I want to block, so I made a script to use iptables to block them. The IP list is one IP per line and the file is named "newips". The script is named "ipblock.sh". Both are located in /home/oranges.
So I ran the script by su'ing and then typing "sh /home/oranges/ipblock.sh". The script is:

Code:
#!/bin/bash
# one DROP rule for every whitespace-separated word in the list file
for IP in `cat /home/oranges/newips`; do
    iptables -A INPUT -s "$IP" -j DROP
done

The script runs, but for every IP on the list I get this error (replace ##.##.##.## with the IP address):

Code:
iptables v1.3.5: host/network `##.##.##.##' not found
Try `iptables -h' or 'iptables --help' for more information.
What could be the problem?
- 07-13-2007 #2
Something is screwed up with the 'newips' file. Either post it here or run the script with a trace so that you can watch it with the values substituted in place of the variable.
e.g.

Code:
# bash -x script_here
07-13-2007, #3 (Just Joined!; Join Date: Nov 2006; Posts: 57)
Here is the "newips" file I've uploaded. You can see for yourself but as far as I can see, there's nothing wrong. Just listed IPs.
http://senduit.com/644174
- 07-13-2007 #4
That's a big ol' file.
Well, there is lots of crap in there that is not an IP address. It will need to be cleaned up. Here is a very blunt tool approach, and you can see that I found a long list of non IP address lines.
Code:
[mrbiggles@troy ~]$ grep -v '^[0-9]\{1,3\}' newips | head -10
Value Click Europe Ltd
Value Click Europe Limited
Value Click Europe
3089
604279
P0004752
St Johns College(351)
National Institute for Agricultural
National Institute for Agricultural
National Institute for Agricultural
...

So there's at least 391 lines to clean up.

Code:
[mrbiggles@troy ~]$ grep -v '^[0-9]\{1,3\}' newips | wc -l
391
07-13-2007, #5 (Just Joined!; Join Date: Nov 2006; Posts: 57)
So I can do "grep -v '^[0-9]\{1,3\}' newips" and then remove every term I see on that list? There are over 200,000 lines, so I guess I'll have to do it by hand anyway...
But what can be the problem with the initial question?
- 07-13-2007 #6
The problem is you're confusing iptables by giving it non-IP-address data to add to an INPUT chain rule.
You can cruise google for some good IP address regular expressions if you'd like. Probably something like this would do the trick for you:
Code:
[mrbiggles@troy ~]$ grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' newips > cleaned-up-list

The 'cleaned-up-list' file should contain only things that (sort of) look like IP addresses.
That regexp is not perfect, but it should filter out most of the garbage.
07-13-2007, #7 (Just Joined!; Join Date: Nov 2006; Posts: 57)
Okay, I cleaned up everything with letters. I searched the whole thing for alphabetic letters, a-z and A-Z, case-sensitively too. But now there are some lines that are numbers but not in IP format. How can I search for those? Like some lines just say "3526" and are not in IP form, see?
Here is my updated list:
http://senduit.com/9bfa3e
I tried running the script again, but I still get the same errors.
- 07-13-2007 #8
Did you try the command in my post above?
http://www.linuxforums.org/forum/486526-post6.html
That should have gotten rid of a four-digit number. After running that command, your script needs to go against 'cleaned-up-list'.
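As an added example (not code from the thread), here is a POSIX sh version of the block script that checks each line is a dotted quad with every octet in 0-255, which is the range check the grep regexp in post #6 cannot do, and writes the rejects to a separate file for review instead of letting them reach iptables. The sample list, the file names and the IPTABLES dry-run variable are my assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: validate every line of the
# address list before it reaches iptables, so garbage lines are reported
# instead of producing "host/network ... not found" errors.

# valid_ipv4 LINE -> 0 if LINE is a dotted quad with each octet in 0-255
valid_ipv4() {
    line=$1
    case $line in *[!0-9.]*) return 1 ;; esac      # only digits and dots
    echo "$line" | grep -q '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $line; IFS=$old_ifs  # split into octets
    for octet in "$@"; do                           # the regexp alone accepts 999.1.1.1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# filter_list FILE GOOD BAD -> valid addresses to GOOD, everything else to BAD;
# prints the number of valid addresses
filter_list() {
    : > "$2"; : > "$3"; n=0
    while IFS= read -r raw || [ -n "$raw" ]; do
        ip=$(printf '%s' "$raw" | tr -d ' \t\r')    # drop stray blanks / CRLF
        [ -n "$ip" ] || continue                    # skip empty lines
        if valid_ipv4 "$ip"; then
            printf '%s\n' "$ip" >> "$2"; n=$((n + 1))
        else
            printf '%s\n' "$raw" >> "$3"
        fi
    done < "$1"
    echo "$n"
}

# Constructed sample (assumed file name) in the spirit of the thread's "newips".
printf '%s\n' '192.0.2.10' 'Value Click Europe Ltd' '3526' '198.51.100.7' \
    '999.1.1.1' 'St Johns College(351)' '203.0.113.5 ' > newips.sample
filter_list newips.sample cleaned-up-list rejected-lines   # prints 3

# Dry run: IPTABLES defaults to "echo iptables" so this is safe to run anywhere;
# set IPTABLES=iptables as root to apply the rules for real.
IPTABLES=${IPTABLES:-echo iptables}
while IFS= read -r IP; do
    $IPTABLES -A INPUT -s "$IP" -j DROP
done < cleaned-up-list
```

Everything that lands in rejected-lines is what would otherwise have triggered the error in the first post, so that file is the one to inspect by hand.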