  1. #1
    Linux Newbie postcd's Avatar
    Join Date
    Apr 2011
    Posts
    236

    How to set temporary IP ban in one command


    Hello,

    I want to deny an IP 2.2.2.2 using iptables for 15 minutes.

    This must be a one-line command, because I want to use it in mod_deflate in this variable:
    Code:
    DOSSystemCommand "....."
    Someone used:
    Code:
    DOSSystemCommand "sudo /sbin/iptables -A INPUT -s %s -j DROP"
    but I assume this is a permanent ban until server reboot, which is too long-term a ban I think. I need a 15-minute ban in one command?
    "Avoid the Gates of Hell. Use affordable Linux VPS."

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    795
    This is an interesting problem. Here's a clever solution from serverfault: linux - How to make iptables rules expire? - Server Fault

    Perhaps make a shell script that takes the IP in as a variable, then applies the rule, then calls the at command for 15 minutes from now.

  3. #3
    Linux Enthusiast docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    649
    2.2.2.2 someone in France bothering you. Strange, only a fifteen minute ban?

    If I remember right, rules short-circuit, so you have to put it high enough that some other rule doesn't let it pass.
    A lion does not lose sleep, over the opinion of sheep.

  4. #4
    Linux Newbie postcd's Avatar
    Join Date
    Apr 2011
    Posts
    236
    Quote Originally Posted by mizzle View Post
    This is an interesting problem. Here's a clever solution from serverfault: linux - How to make iptables rules expire? - Server Fault

    Perhaps make a shell script that takes the IP in as a variable, then applies the rule, then calls the at command for 15 minutes from now.
    I found this one too.

    So my command would look like:

    DOSSystemCommand "sudo /sbin/iptables -A INPUT -s %s -j DROP;echo \"iptables -D INPUT -s %s -j DROP\" | at now + 2 hours"

    %s = IP address variable

    Is that correct?
    Last edited by postcd; 1 Day Ago at 06:45 PM.

  5. #5
    Linux Newbie postcd's Avatar
    Join Date
    Apr 2011
    Posts
    236
    Quote Originally Posted by mizzle View Post
    Perhaps make a shell script that takes the IP in as a variable, then applies the rule, then calls the at command for 15 minutes from now.
    Here it is: Keeping script kiddies at bay with mod_evasive and iptables | Simone Tellini

    But I would rather use the command directly in httpd conf for simplicity instead of creating a new shell script. Please, is my previous command correct?

  6. #6
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    795
    Yeah, looks like it might work. I don't know the syntax for the at command.
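
The wrapper-script approach suggested in post #2, written out as an added example (not code from any poster in this thread): it validates the address, inserts the DROP rule at the top of INPUT so that rule order (post #3) cannot let the traffic through, and queues the removal with `at`. The script path and the `IPTABLES`, `BAN_MINUTES` and `DRY_RUN` variables are assumptions made for the example.

```shell
#!/bin/sh
# Temporary iptables ban: insert a DROP rule, then queue its removal with at(1).
# Hypothetical wiring from the web server config (script path is an assumption):
#   DOSSystemCommand "sudo /usr/local/sbin/tempban.sh %s"
IPTABLES=${IPTABLES:-/sbin/iptables}
BAN_MINUTES=${BAN_MINUTES:-15}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the command that lifts the ban; this text is what gets fed to at(1).
unban_cmd() {
    printf '%s -D INPUT -s %s -j DROP\n' "$IPTABLES" "$1"
}

# Bans $1 for BAN_MINUTES. With DRY_RUN=1 the steps are printed instead of run.
temp_ban() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES -I INPUT 1 -s $1 -j DROP"
        echo "echo '$(unban_cmd "$1")' | at now + $BAN_MINUTES minutes"
        return 0
    fi
    # -C checks for an identical rule, so repeated triggers do not stack copies.
    "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null && return 0
    # -I INPUT 1 puts the rule first, ahead of any ACCEPT that would match.
    "$IPTABLES" -I INPUT 1 -s "$1" -j DROP || return 1
    unban_cmd "$1" | at now + "$BAN_MINUTES" minutes
}

# Run as a script only when an address is given; sourcing just defines functions.
[ $# -eq 0 ] || temp_ban "$1"
```

The script has to run as root (for example through a narrowly scoped sudoers entry) and `atd` must be running, otherwise the removal job is never executed and the ban stays in place.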
