  1. #1

    How to set temporary IP ban in one command


    Hello,

    I want to deny an IP 2.2.2.2 using iptables for 15 minutes.

    This must be a one-line command, because I want to use it in mod_deflate in this variable:
    Code:
    DOSSystemCommand "....."
    Someone used:
    Code:
    DOSSystemCommand "sudo /sbin/iptables -A INPUT -s %s -j DROP"
    but I assume this is a permanent ban until server reboot, which is too long-term a ban I think. I need a 15 minute ban in one command?

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    1,005
    This is an interesting problem. Here's a clever solution from serverfault: linux - How to make iptables rules expire? - Server Fault

    Perhaps make a shell script that takes the IP in as a variable, then applies the rule, then calls the at command for 15 minutes from now.

  3. #3
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    949
    2.2.2.2, someone in France bothering you? Strange, only a fifteen minute ban?

    If I remember right, rules short-circuit, so you have to put it high enough so some other rule doesn't let it pass.
    A lion does not lose sleep, over the opinion of sheep.

  5. #4
    Quote Originally Posted by mizzle View Post
    This is an interesting problem. Here's a clever solution from serverfault: linux - How to make iptables rules expire? - Server Fault

    Perhaps make a shell script that takes the IP in as a variable, then applies the rule, then calls the at command for 15 minutes from now.
    I found this one too.

    So my command would look like:

    DOSSystemCommand "sudo /sbin/iptables -A INPUT -s %s -j DROP;echo \"iptables -D INPUT -s %s -j DROP\" | at now + 2 hours"

    %s = ip address variable

    Is that correct?
    Last edited by postcd; 04-22-2014 at 06:45 PM.

  6. #5
    Quote Originally Posted by mizzle View Post
    Perhaps make a shell script that takes the IP in as a variable, then applies the rule, then calls the at command for 15 minutes from now.
    Here it is: Keeping script kiddies at bay with mod_evasive and iptables | Simone Tellini

    But I would rather use the command directly in httpd conf for simplicity instead of creating a new shell script. Please, is my previous command correct?

  7. #6
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    1,005
    Yeah, looks like it might work; I don't know the syntax for the at command.
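
The wrapper-script approach suggested in the thread, as an added example that is not code from any poster or from the linked articles: it validates the address, inserts the DROP rule at the top of INPUT (the rule-ordering point raised in post #3), and queues the matching delete with at. Assumptions: the script runs as root (for instance through a narrow sudoers entry) so the queued job can also remove the rule; `BAN_MINUTES` and `DRY_RUN` are this example's own variables; it would be referenced from httpd conf as `DOSSystemCommand "sudo /usr/local/sbin/tempban.sh %s"`, where that path is hypothetical.

```shell
#!/bin/sh
# Added example: temporary iptables ban with automatic removal via at(1).
# Assumes it runs as root; BAN_MINUTES and DRY_RUN are knobs of this example only.
IPTABLES=${IPTABLES:-/sbin/iptables}
BAN_MINUTES=${BAN_MINUTES:-15}

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the rule text once so the insert and the scheduled delete always match.
rule_spec() { printf '%s\n' "INPUT -s $1 -j DROP"; }

ban_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 2; }
    rule=$(rule_spec "$ip")
    unban="$IPTABLES -D $rule"
    if [ -n "${DRY_RUN:-}" ]; then # print what would run, change nothing
        echo "$IPTABLES -I $rule"
        echo "echo '$unban' | at now + $BAN_MINUTES minutes"
        return 0
    fi
    # -C succeeds when the rule already exists: skip, so one delete lifts the ban.
    $IPTABLES -C $rule 2>/dev/null && return 0
    # -I inserts at the top of INPUT so no earlier ACCEPT rule lets the address pass.
    $IPTABLES -I $rule || return 1
    echo "$unban" | at now + "$BAN_MINUTES" minutes
}

# When called as a script with an address argument, apply the ban.
if [ $# -gt 0 ]; then ban_ip "$1"; fi
```

Running it with `DRY_RUN=1` prints the two commands without touching the firewall, which is a quick way to check the at time expression before wiring it into Apache.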
