Creation: 20/07/2009 22:34
Last Modification: 20/07/2009 22:34
If you host your own website or anything else on a Linux server, it soon
becomes useful to filter traffic from individual IP addresses or from whole
address blocks, to keep attackers and denial-of-service attempts away from
your site. iptables lets you filter incoming (and outgoing) packets with rules.
To drop all packets coming from IP 1.2.3.4, and anything your server would send back to it, use:
iptables -A INPUT -s 1.2.3.4 -j DROP
iptables -A OUTPUT -d 1.2.3.4 -j DROP
To drop all packets from the whole block 1.2.3.0 to 1.2.3.255 (1.2.3.0/24 in CIDR notation), use:
iptables -A INPUT -s 1.2.3.0/24 -j DROP
iptables -A OUTPUT -d 1.2.3.0/24 -j DROP
I store the list of IP addresses in a file "ignorelist" and the list of /24 blocks
(written as their first three octets, e.g. 1.2.3) in a file "classignore", and use
the following script to program iptables:
#!/bin/bash
# ignorelist: one IP address per line; any line containing "#" is a comment.
for myip in $(grep -v '#' ignorelist); do
    iptables -D INPUT -s "$myip" -j DROP > /dev/null 2>&1
    iptables -A INPUT -s "$myip" -j DROP
    iptables -D OUTPUT -d "$myip" -j DROP > /dev/null 2>&1
    iptables -A OUTPUT -d "$myip" -j DROP
done
# classignore: first three octets of each /24 block per line, e.g. "1.2.3".
for myip in $(grep -v '#' classignore); do
    iptables -D INPUT -s "${myip}.0/24" -j DROP > /dev/null 2>&1
    iptables -A INPUT -s "${myip}.0/24" -j DROP
    iptables -D OUTPUT -d "${myip}.0/24" -j DROP > /dev/null 2>&1
    iptables -A OUTPUT -d "${myip}.0/24" -j DROP
done
Some explanations on this script:
- there is a grep filter so I can add comments to the files (any line containing "#" is skipped)
- I first remove the rule with the -D option before adding it, so the script can be
rerun whenever I add an entry without duplicating the rules that already exist.
Two things to keep in mind. -A appends the rule at the end of the chain, so if an
earlier rule already accepts the traffic (many setups accept established connections
first), the DROP is never reached; inserting with -I INPUT instead puts it in front.
And rules added this way live only in kernel memory: they are gone after a reboot,
so either run the script at boot or save the rules with iptables-save and load them
back with iptables-restore.
Now all you have to do is find out from your server's logs when someone is making
"weird" accesses to your website, and add their addresses to the lists.
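As an added example (this is not the script from the post), here is a variant of the same idea that validates every list entry before it reaches iptables and prints the commands instead of running them, so the output can be reviewed without root. The file name blockgen.sh and the sample entries are made up for the demonstration. It differs from the script above in three ways: each entry must be a dotted-quad IPv4 address or CIDR block, so a malformed or tampered line cannot turn into extra iptables arguments; hosts and blocks share one file, blocks written in CIDR form; and rules are inserted at the top of the chain with -I rather than appended with -A, so they are evaluated before any ACCEPT rule already present.

```shell
#!/bin/sh
# Added example (not the post's script): build the iptables commands from a
# blocklist after validating every entry. Dry run: the commands are printed,
# not executed, so no root is needed to review them. Apply as root with:
#   sh blockgen.sh | sh
# "blockgen.sh" and the sample entries at the bottom are assumptions.

set -f   # no pathname expansion: a stray "*" in the list must not become file names

# Succeed (exit 0) only if $1 is a dotted-quad IPv4 address, optionally
# followed by /0 .. /32. The body runs in a subshell, so changing IFS and the
# positional parameters does not leak to the caller.
valid_ipv4_cidr() (
    ip=$1
    prefix=32
    case $ip in
        */*) prefix=${ip#*/}; ip=${ip%%/*} ;;
    esac
    case $prefix in ''|*[!0-9]*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    IFS=.
    set -- $ip                      # split on dots: exactly four octets expected
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Print the commands for one validated address/block: delete any existing copy
# first (so reruns never duplicate a rule), then insert at position 1 so the
# DROP is evaluated before any ACCEPT rule already in the chain.
rules_for() {
    printf 'iptables -D INPUT -s %s -j DROP 2>/dev/null\n' "$1"
    printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$1"
    printf 'iptables -D OUTPUT -d %s -j DROP 2>/dev/null\n' "$1"
    printf 'iptables -I OUTPUT 1 -d %s -j DROP\n' "$1"
}

# Read the blocklist $1: "#" starts a comment, blank lines are ignored, and a
# line must hold exactly one valid entry. Bad lines are reported on stderr and
# skipped; the function then exits 1 so a cron job can notice.
emit_rules() (
    file=$1
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}
        set -- $entry               # whitespace-split: expect exactly one word
        [ $# -eq 0 ] && continue
        if [ $# -eq 1 ] && valid_ipv4_cidr "$1"; then
            rules_for "$1"
        else
            printf 'blockgen: rejected line: %s\n' "$line" >&2
            bad=1
        fi
    done < "$file"
    exit "$bad"
)

# Constructed sample blocklist (made-up addresses), written to a temp file so
# the script runs stand-alone; replace it with your real list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# single hosts
1.2.3.4
10.0.0.1                # trailing comments are fine too
# a whole /24 "class", written in CIDR form
1.2.3.0/24
999.1.1.1               # rejected: octet out of range
1.2.3.0/24 -j ACCEPT    # rejected: extra words would become extra arguments
EOF
emit_rules "$sample" || echo "blockgen: some lines were rejected" >&2
rm -f "$sample"
```

Run it as an unprivileged user to review the output, then as root pipe it into a shell to apply. Rejected lines are reported on stderr and make the script exit non-zero, so a scheduled run can be alerted when somebody has edited the list badly.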
Creation: 14/07/2009 16:12
Last Modification: 14/07/2009 16:12
This is a small tip, but one I found useful if you want to save some energy.
On my multimedia server I need to force the screen to switch off when I quit
the X server, rather than wait for the DPMS timeout, and conversely I need to
switch it back on before starting X.
To do this you can simply use the "vbetool" command (it needs root, since it
talks to the video BIOS directly):
- "vbetool dpms off" switches your screen off.
- "vbetool dpms on" switches it back on.
Using this I force my LCD screen to switch off when I am done watching TV,
while the computer keeps running (to host my website or record TV shows
later, for example).