Error in the new feature

Hi

I still don't get it

I am running CentOS 5.5

So I've got no understanding of Linux scripting,
so could you please tell me what exact thing I need to fill in?
It's much appreciated by me :)

Thanks in advance,

angelo
 
The following code should work fine.

1. Create a file called /usr/local/directadmin/scripts/custom/block_ip.sh
2. Put the following code in it:
Code:
#!/bin/sh

# $ip is set by DirectAdmin when this hook is called.
[ -n "$ip" ] || exit 1

# Count existing INPUT rules whose source column matches this IP exactly
# (fixed-string, whole-line match, so dots are not regex wildcards).
cmd=$(/sbin/iptables -L INPUT -v -n | awk '{print $8}' | grep -cxF "$ip")

if [ "$cmd" -eq "0" ]; then
    /sbin/iptables -A INPUT -s "$ip" -j DROP
    /sbin/iptables-save > /etc/sysconfig/iptables
fi

3. Save the file.
4. Chmod the file executable:
Code:
chmod 700 /usr/local/directadmin/scripts/custom/block_ip.sh
 
In my case

Code:
/sbin/iptables-save

shows output and does not save it in any file. Does it work differently for you?
 
Code:
[root@srv5 custom]# /sbin/iptables-save
# Generated by iptables-save v1.3.5 on Tue Jul  5 20:02:56 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [27611702:34578661780]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 58.136.112.16 -j DROP
-A INPUT -s 58.136.112.16 -j DROP
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 35000:35999 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Jul  5 20:02:56 2011

I'll get that, but how do I remove one?
 
iptables-save only spits output to stdout unless you redirect the output somewhere.

I guess it should be like this instead:

Code:
/sbin/iptables-save > /etc/sysconfig/iptables
 
To remove an ip you have to do like this:
Code:
/sbin/iptables -D INPUT -s <ip here> -j DROP
/sbin/iptables-save > /etc/sysconfig/iptables

Example:

Code:
/sbin/iptables -D INPUT -s 58.136.112.16 -j DROP
/sbin/iptables-save > /etc/sysconfig/iptables
 
I suppose you need to add a check in order to learn whether an attacker's IP has already been added or not.
Write them to a file, then check by grep'ing the file? I have a file with all my rules for my "post-up iptables-restore" on boot.

But scsi has an alternative.
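A hardened version of the block_ip.sh hook discussed above, written here as an added example (it is not the script posted in the thread or DirectAdmin's own code). It assumes, as the thread does, that DirectAdmin exports the offending address in $ip and that the ruleset is saved to /etc/sysconfig/iptables; the IPTABLES and IPTABLES_SAVE variables are assumed names that let the functions be exercised without touching a live firewall.

```shell
#!/bin/sh
# Added example (not the script from the thread): a hardened DirectAdmin
# block_ip.sh hook. Assumes DirectAdmin exports the offender in $ip and that
# the ruleset lives in /etc/sysconfig/iptables (CentOS), as in the thread.
IPTABLES=${IPTABLES:-/sbin/iptables}            # overridable for offline use
IPTABLES_SAVE=${IPTABLES_SAVE:-/sbin/iptables-save}

# Return 0 only for a plain dotted-quad IPv4 address. Hostnames, CIDR ranges,
# spaces and shell metacharacters are refused before $ip reaches iptables.
is_valid_ipv4() {
    case "$1" in '' | *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1; next }
        { for (i = 1; i <= NF; i++)
              if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i + 0 > 255) bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# Return 0 if the iptables-save dump on stdin already holds
# "-A INPUT -s <ip> -j DROP". The whole source field is compared (a /32 suffix
# from newer iptables-save is stripped), so 58.136.112.1 no longer matches
# 58.136.112.16 the way the thread's substring "grep -ci" check does.
rule_present() {
    awk -v want="$1" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-s" && $5 == "-j" && $6 == "DROP" {
            src = $4; sub(/\/32$/, "", src)
            if (src == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Add the DROP rule once and persist the ruleset; duplicates are skipped.
block_ip() {
    is_valid_ipv4 "$1" || { echo "block_ip: refusing address '$1'" >&2; return 1; }
    "$IPTABLES_SAVE" | rule_present "$1" && return 0   # already blocked
    "$IPTABLES" -A INPUT -s "$1" -j DROP &&
        "$IPTABLES_SAVE" > /etc/sysconfig/iptables
}

# Constructed sample dump in the format shown earlier in the thread; used only
# to exercise rule_present offline.
SAMPLE_DUMP='-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 58.136.112.16 -j DROP
-A INPUT -s 10.0.0.5/32 -j DROP'

# DirectAdmin invokes the hook with $ip set; when it is unset nothing changes.
if [ -n "${ip:-}" ]; then
    block_ip "$ip"
fi
```

Running the script by hand with `ip=58.136.112.16 sh block_ip.sh` adds the rule at most once; a second run finds it in the iptables-save output and exits without touching the ruleset.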
 
Hello,

FYI, I've written a no-support, unofficial, "use-at-your-own-risk" guide here:
http://help.directadmin.com/item.php?id=380

which should give a basic idea of how it can be used.
Note that the iptables script used is for CentOS/Fedora; it is not tested on Debian (it may work), and I don't believe it will work for FreeBSD (didn't try).

John
 
Anyone have any recommended scripts for servers with csf? Is there a proper table to put it in or something... I haven't looked at it yet.

Code:
#!/bin/sh

# $ip is set by DirectAdmin; hand it to csf's deny list.
/etc/csf/csf.pl -d "$ip"

exit 0

and csf will take care of managing iptables, whether the IP already exists in the list, etc...
 