Creation: 20/07/2009 22:34
Last Modification: 20/07/2009 22:34
If you host your own website or anything else on a Linux server,
it soon becomes useful to filter requests from IP addresses or classes
of IP addresses to prevent attacks on your website or denial-of-service attempts.
iptables lets you filter any incoming packet using rules.
To filter all packets coming from IP 1.2.3.4 (and all packets going back to it), you can use the commands:
iptables -A INPUT -s 1.2.3.4 -j DROP
iptables -A OUTPUT -d 1.2.3.4 -j DROP
To filter all packets coming from IP 1.2.3.0 to 1.2.3.255 (the class 1.2.3.0/24), you can use the commands:
iptables -A INPUT -s 1.2.3.0/24 -j DROP
iptables -A OUTPUT -d 1.2.3.0/24 -j DROP
I store the list of IP addresses in a file "ignorelist" and the list of
classes to ignore in a file "classignore" and use the following script to program iptables:
#!/bin/bash
# Hosts: one IPv4 address per line in "ignorelist"; lines containing "#" are comments.
for myip in $(grep -v "#" ignorelist); do
    # delete any existing rule first (errors ignored) so reruns do not duplicate it
    iptables -D INPUT -s "$myip" -j DROP > /dev/null 2>&1
    iptables -A INPUT -s "$myip" -j DROP
    iptables -D OUTPUT -d "$myip" -j DROP > /dev/null 2>&1
    iptables -A OUTPUT -d "$myip" -j DROP
done
# Classes: the first three octets per line in "classignore" ("1.2.3" means 1.2.3.0/24).
for myip in $(grep -v "#" classignore); do
    iptables -D INPUT -s "${myip}.0/24" -j DROP > /dev/null 2>&1
    iptables -A INPUT -s "${myip}.0/24" -j DROP
    iptables -D OUTPUT -d "${myip}.0/24" -j DROP > /dev/null 2>&1
    iptables -A OUTPUT -d "${myip}.0/24" -j DROP
done
Some explanations on this script:
- there is a grep filter so I can add comments in the files
- I first remove the rule using the -D option before adding
it, so it is possible to rerun the script after I add an entry
without duplicating the already existing rules.
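As an added example (not the script from the post), the following variant validates every list entry before it reaches iptables, strips trailing "#" comments rather than whole lines, and uses "iptables -C" (rule check, available in recent iptables versions) so a rerun never duplicates a rule. It assumes the post's file formats: one IPv4 host per line in ignorelist, one /24 prefix such as "1.2.3" per line in classignore; the sample lists and the gen_rules/valid_ipv4 names are constructed here.

```shell
#!/bin/sh
# Added example, not the post's own script. Generates the iptables commands for
# the post's ignorelist/classignore files after validating each entry.

# Succeed only if $1 is a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f          # split on dots, no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# A class entry such as "1.2.3" is valid when "1.2.3.0" is a valid host address.
valid_class() {
    valid_ipv4 "$1.0"
}

# Print the iptables commands for one list file ($1); $2 is "host" or "class".
gen_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')   # drop comment and blanks
        [ -n "$entry" ] || continue
        if [ "$2" = class ]; then
            valid_class "$entry" || { echo "skipping bad class entry: $line" >&2; continue; }
            target="$entry.0/24"
        else
            valid_ipv4 "$entry" || { echo "skipping bad host entry: $line" >&2; continue; }
            target=$entry
        fi
        # -C checks whether the rule already exists; append only when it does not
        printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -A INPUT -s %s -j DROP\n' "$target" "$target"
        printf 'iptables -C OUTPUT -d %s -j DROP 2>/dev/null || iptables -A OUTPUT -d %s -j DROP\n' "$target" "$target"
    done < "$1"
}

# Constructed sample lists (documentation addresses, not real indicators) so the
# example runs stand-alone; the post keeps these in ./ignorelist and ./classignore.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf '# hosts to drop\n1.2.3.4\n198.51.100.7  # noisy scanner\n999.1.1.1\n' > "$demo_dir/ignorelist"
printf '1.2.3\n# 203.0.113\n' > "$demo_dir/classignore"
gen_rules "$demo_dir/ignorelist" host      # pipe the output into "sh" to apply it
gen_rules "$demo_dir/classignore" class
```

The invalid entry 999.1.1.1 is reported on stderr and skipped instead of producing a rule that iptables would reject halfway through the run.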
Now all you have to do is find out from your server's logs
when someone is making "weird" accesses to your website, and add their address to the list.