  1. #1
    Join Date
    May 2006
    Posts
    64

    iptables: expiring ip block

    I'm trying to figure out an iptables rule to block certain IPs for a limited duration, after which the block rule will be removed.

    Hits to the iptables filter while the IP is blocked should not renew the timer.

    I got as far as:

    iptables -A INPUT -m recent --name blacklist --rcheck --seconds 10 -j REJECT
    iptables -A INPUT -m recent --name blacklist --remove

    But how do I blacklist an IP now? (This needs to be done via an external app and not via iptables matches/hitcounts.)
    iptables -A INPUT -s xxx.xxx.xxx.xxx -m recent --name blacklist --set
    would renew the blacklist every time that IP sends a packet, no matter if it is blocked or not, and that rule would also remain in iptables even when expired.

  2. #2
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    432
    Your external app/script can fetch all blocked IPs that way:

    Code:
    # cat /proc/net/ipt_recent/blacklist
    Then it can blacklist them all or do whatever you want.

  3. #3
    This is done by csf by default.

    The best bet is to install csf, as it will use iptables in the background.

  4. #4
    Join Date
    May 2006
    Posts
    64
    Quote Originally Posted by khunj View Post
    Your external app/script can fetch all blocked IPs that way:

    Code:
    # cat /proc/net/ipt_recent/blacklist
    Then it can blacklist them all or do whatever you want.
    Can I add IPs that way too?

  5. #5
    Join Date
    May 2006
    Posts
    64
    Found out myself.

    Each file in /proc/net/ipt_recent/ can be read from to see the current list
    or written to using the following commands to modify the list:

    echo xx.xx.xx.xx > /proc/net/ipt_recent/DEFAULT
    to Add to the DEFAULT list

    echo -xx.xx.xx.xx > /proc/net/ipt_recent/DEFAULT
    to Remove from the DEFAULT list

    echo clear > /proc/net/ipt_recent/DEFAULT
    to empty the DEFAULT list.
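
    Putting post #1's --rcheck rule and post #5's /proc interface together, here is an added example script; it is not code from any poster in this thread. It installs the expiring block with the recent match and lets an external program add or remove addresses through /proc. It assumes the xt_recent module of kernels since 2.6.28, whose /proc/net/xt_recent/NAME files take "+addr", "-addr" and "/" (the older ipt_recent files shown in post #5 take a bare address, "-addr" and "clear"), and an iptables that accepts --reap, which purges entries older than --seconds so the separate --remove rule from post #1 is not needed. The list name, the 600-second TTL, the DRY_RUN switch and the valid_ipv4 check are this example's own choices. Because --rcheck only reads an entry's timestamp, packets from a blocked host do not extend the block, which is what post #1 asked for; --update would refresh it.

```sh
#!/bin/sh
# Expiring IP blacklist with the iptables "recent" match, driven from outside
# iptables (added example, not code from the thread). Assumes xt_recent
# (kernel 2.6.28+) and an iptables that accepts --reap; run as root, or set
# DRY_RUN=1 to print the commands instead of executing them.

LIST=${LIST:-blacklist}   # name of the recent table (example's choice)
TTL=${TTL:-600}           # seconds an address stays blocked (example's choice)

# procfs directory of the recent module; older kernels used ipt_recent
recent_dir() {
    if [ -d /proc/net/xt_recent ]; then
        echo /proc/net/xt_recent
    else
        echo /proc/net/ipt_recent
    fi
}

# Execute a command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a dotted-quad IPv4 address, so that a typo or an untrusted
# string from the calling application never reaches the kernel interface.
valid_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# One rule at the top of INPUT. --rcheck only reads the entry's timestamp, so
# packets from a blocked host do not extend the block; --reap drops entries
# older than TTL, replacing the thread's second "--remove" rule.
setup_rules() {
    run iptables -I INPUT 1 -m recent --name "$LIST" --rcheck --seconds "$TTL" --reap -j DROP
}

# Write one control token to the table's /proc file (xt_recent syntax:
# "+addr" adds or refreshes, "-addr" removes, "/" flushes the table).
proc_write() {
    file=$(recent_dir)/$LIST
    if [ -n "$DRY_RUN" ]; then
        printf 'echo %s > %s\n' "$1" "$file"
    else
        printf '%s\n' "$1" > "$file"
    fi
}

block_ip()     { valid_ipv4 "$1" && proc_write "+$1"; }
unblock_ip()   { valid_ipv4 "$1" && proc_write "-$1"; }
flush_list()   { proc_write /; }
list_blocked() { cat "$(recent_dir)/$LIST"; }

# CLI: ./recent-block.sh setup | block ADDR | unblock ADDR | flush | list
if [ $# -gt 0 ]; then
    case "$1" in
        setup)   setup_rules ;;
        block)   block_ip "$2" ;;
        unblock) unblock_ip "$2" ;;
        flush)   flush_list ;;
        list)    list_blocked ;;
        *) echo "usage: $0 setup|block ADDR|unblock ADDR|flush|list" >&2; exit 2 ;;
    esac
fi
```

    Two caveats worth checking before relying on this. The /proc file for a table only exists once a rule naming that table has been loaded, so run setup before the first block. Each recent table holds at most ip_list_tot entries (a module parameter, default 100) and evicts the oldest entry when full, so a busy blacklist needs that limit raised at module load time or the block will silently lapse for older entries. `cat` on the table file shows each entry's last_seen value in kernel jiffies, which is the timestamp --rcheck compares against --seconds.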

  6. #6
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    Have you looked at denyhosts? It has expiration features.
