Blocking a range of IP's via iptables?


Luis Pena

Guest
Hello all, I have recently gotten into server security and I was wondering if any of you fellow GNUsers (GNU/Linux users) know how to block a range of IPs from a txt file.

For example, I want to have iptables read a list of IPs from a txt file, e.g. /etc/something/blockips.txt, and block them.
The reason I want to do this is because there have been 10,000+ failed root logins (via ssh) from other regions of the world (China, Russia, etc.). Is it even possible to do this via iptables, or should I have to write a script?

I have to maintain an ssh server; I have disabled root login and changed the default port 22. Should I have done this?

I am running a Fedora server.
 


This should work

Block a range - iptables -I INPUT -m iprange --src-range 217.0.0.0-219.0.0.0 -j DROP
Block an entire subnet - iptables -A INPUT -s 198.51.100.0/24 -j DROP
(placeholder network: the 113.110.700.0/24 originally posted has an octet above 255, which iptables rejects; the range form needs the iprange match, since -s only takes address/mask)
 
I believe it is possible, yes, although I can't remember the specific commands. I would use a tool designed for this though. Something like AIDE or fail2ban.



@ryanvade sweet! Thanks for bringing up the GUI-based option. I was not aware of them. Thanks for the info; I shall look into this.
 
You really don't want to allow root ssh logins at all, so it's good that you've disabled them. Changing the port ssh listens on is also a good move.

You can automate the blocking of failed logins: take a look at fail2ban (there's an article about it on HowtoForge).

Let us know if you still have problems.

The Tigers
 
I looked into blocking ranges. The easiest way would be using ipsets. It works with iptables and is easy to work with.

Ipsets are also dynamic so you can add and remove from them without having to reload your entire firewall table.
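One way to do what the question asks (read /etc/something/blockips.txt and block every entry) using the ipset approach from this post, as an added example that is not code from anyone in the thread; the set name blockips, the validation step and the sample list are my assumptions:

```shell
#!/bin/sh
# Added example (not code from the thread). Loads one IPv4 address or CIDR per
# line from a text file into an ipset and drops matching sources with iptables.
# Hypothetical names: BLOCKLIST path (taken from the question), set name "blockips".
BLOCKLIST="${BLOCKLIST:-/etc/something/blockips.txt}"
SETNAME="${SETNAME:-blockips}"

# Print the valid entries of a list file: strips comments and blank lines and
# rejects anything that is not a dotted quad with an optional /0-32 prefix, so a
# typo such as an octet of 700 never reaches ipset.
blocklist_entries() {
    sed 's/#.*//' "$1" | tr -d '\r' | awk '
    NF == 1 {
        n = split($1, p, "/")
        if (n > 2 || (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32))) next
        if (split(p[1], o, ".") != 4) next
        ok = 1
        for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (ok) print $1
    }'
}

# Build the input for "ipset restore": a hash:net set plus one add per entry.
ipset_restore_input() {
    echo "create $SETNAME hash:net family inet"
    blocklist_entries "$1" | sed "s/^/add $SETNAME /"
}

# Load the set idempotently (-exist) and insert the DROP rule only if absent,
# so the script can be re-run from cron whenever the file changes. Needs root.
apply_blocklist() {
    ipset_restore_input "$BLOCKLIST" | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SETNAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SETNAME" src -j DROP
}

# Constructed sample list (not from the thread) for trying the parser offline.
SAMPLE_LIST="$(mktemp)"
cat > "$SAMPLE_LIST" <<'EOF'
# one address or CIDR per line
198.51.100.7
203.0.113.0/24
113.110.700.0/24   # invalid octet, like the one in the thread: skipped
not-an-address
EOF

# Only touch the firewall when explicitly asked: ./blockips.sh --apply
[ "${1:-}" = "--apply" ] && apply_blocklist
```

Entries removed from the file are not removed from the set by this script; swap the set with a freshly built one (ipset swap) if you need deletions to take effect.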
 
Thanks, will try this too!
 
There is a service out there that you can use via scripts to pull down an "Internet IP Blacklist". I have never used those services, but they might be beneficial for you.

We are doing the reverse here. We are blocking everything and only allowing the IPs that we whitelist.
 
