Writing an IP Tables script to read from a blacklist text file
First, here's my script in the making:

#!/bin/sh
WHITELIST=whitelist.txt   # file of trusted hosts (name not shown in the post; assumed here)
BLACKLIST=bad_ips.txt     # one X.X.X.X-Y.Y.Y.Y range per line
ALLOWED="22 80 3306"
# Ports used:
# 22 - SSH
# 80 - HTTP
# 3306 - MySQL

# Drop all existing rules
iptables -F   # the flush command itself was missing from the post as extracted; -F matches the comment

# Allow ALL traffic from hosts in $WHITELIST
for x in `cat $WHITELIST`; do
    echo "Permitting $x..."
    iptables -A INPUT -t filter -s $x -j ACCEPT
done

# Block all traffic from IP ranges in $BLACKLIST
for x in `cat $BLACKLIST`; do
    echo "Blocking $x..."
    iptables -A INPUT -m iprange --src-range $x -j DROP
done

# Allow specific ports in $ALLOWED for trusted hosts
for port in $ALLOWED; do
    echo "Accepting port $port..."
    iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done

bad_ips.txt contains a list of IP ranges in X.X.X.X-Y.Y.Y.Y format, with each range on its own line. When I run the script, it appears as though iptables is only recognizing the second IP number in each range (which shouldn't produce an error anyway), even though both numbers are stored together in the same variable:

root@host:~# sh iptables_init
'ptables v1.4.0: iprange match: Bad IP address `220.127.116.11
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.0: iprange match: Bad IP address `18.104.22.168

And so on for each range. Also notice the odd formatting of the output (not a huge deal, but strange). Executing these commands manually works just fine, with no errors.

I've looked through my code over and over again, and I can't see where I went wrong. Any help?
Edit: Turns out adding a space after each line in the file solved the problem. A simple sed command did the trick:

sed -i 's/\r/ /g' bad_ips.txt

to replace each carriage return with a space.
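As an added example (not part of the question or its edit), here is a POSIX sh fragment that shows what the `for x in $(cat file)` loop above actually hands to iptables when the blacklist has CRLF line endings, and a reader for the blacklist that strips carriage returns, comments and blank lines and validates each X.X.X.X-Y.Y.Y.Y range before it can reach iptables. It goes slightly beyond the post by also rejecting octets above 255. The sample blacklist is constructed, the `IPTABLES` variable is an assumption that defaults to a dry run (`echo iptables`), and the function names are mine.

```shell
#!/bin/sh
# Added example: reading an iprange blacklist safely. Not the asker's script.
# Sample input is constructed; IPTABLES defaults to a dry run ("echo iptables").

CR=$(printf '\r')   # a literal carriage return; $(...) strips only trailing newlines

# Write a constructed CRLF blacklist like the one in the question, plus a
# comment line and one range with an out-of-range octet.
make_sample_blacklist() {
    printf '10.0.0.1-10.0.0.255\r\n# comment\r\n192.168.5.1-192.168.5.50\r\n172.16.0.1-172.16.0.300\r\n' > "$1"
}

# The pattern from the question: `for x in $(cat file)` splits on IFS (space,
# tab, newline), so every token keeps its trailing CR. Returns the number of
# tokens that contain a CR; those are the arguments iptables rejected.
naive_cr_tokens() {
    n=0
    for x in $(cat "$1"); do
        case "$x" in *"$CR"*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

# Strip CRs, '#' comments, surrounding whitespace and blank lines.
clean_blacklist() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$'
}

# Four decimal octets, each 0-255; anything else (including a stray CR) fails.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# X.X.X.X-Y.Y.Y.Y with both ends valid IPv4 addresses.
is_range() {
    case "$1" in *-*) ;; *) return 1 ;; esac
    lo=${1%%-*}
    hi=${1#*-}
    case "$hi" in *-*) return 1 ;; esac
    is_ipv4 "$lo" && is_ipv4 "$hi"
}

# Emit one DROP rule per valid range (through $IPTABLES, a dry run by default).
# Malformed lines are reported and skipped, and the function returns 1 if any
# were seen, so the caller notices instead of ending up with a partial ruleset.
blacklist_rules() {
    bad=0
    while IFS= read -r range; do
        [ -n "$range" ] || continue
        if is_range "$range"; then
            ${IPTABLES:-echo iptables} -A INPUT -m iprange --src-range "$range" -j DROP
        else
            printf 'skipping malformed range: %s\n' "$range" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$(clean_blacklist "$1")
EOF
    [ "$bad" -eq 0 ]
}

demo() {
    f=$(mktemp)
    make_sample_blacklist "$f"
    echo "tokens carrying a CR with the naive loop: $(naive_cr_tokens "$f")"
    blacklist_rules "$f" || echo "some lines were skipped" >&2
    rm -f "$f"
}

demo
```

Set `IPTABLES=iptables` in the environment to apply the rules for real instead of printing them. The `'ptables` in the error output above is the same carriage return at work: the terminal moves the cursor back to column 0 before printing the closing quote, which then overwrites the `i`.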