Blocking a range of IP's via iptables?

Discussion in 'General Server' started by Luis Pena, Jan 30, 2014.

  1. Luis Pena
    Hello all, I have recently gotten into server security and I was wondering if any of you fellow GNUsers (GNU/Linux users) know how to block a range of IPs from a txt file.

    For example, I want to have iptables read a list of IPs from a txt file, e.g. /etc/somthing/blockips.txt, and block them.
    The reason I want to do this is that there have been 10,000+ failed root logins (via SSH) from other regions of the world (China, Russia, etc.). Is it even possible to do this via iptables, or do I have to write a script?

    I have to maintain an SSH server; I have disabled root login and changed the default port 22. Should I have done this?

    I am running a Fedora server.

  2. DevynCJohnson
    This should work:

    Block Ranges - iptables -I INPUT -s 217.0.0.0/219.0.0.0 -j DROP
    Block entire subnet - iptables -A INPUT -s 113.110.700.0/24 -j DROP
    Last edited: Jan 30, 2014
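Taking the suggestion above together with the original question, here is an added example (not code from the thread) of a script that reads a text blocklist and emits the iptables commands for it; the file path /etc/blockips.txt and the chain name BLOCKLIST are assumptions. Two points it handles that are easy to get wrong: `-s` accepts a single address or an address with a CIDR prefix length (the `/N` is a prefix length, not a second address), so an arbitrary start-end range has to go through the `iprange` match instead; and every entry is validated before it becomes a rule, because a malformed address (an octet above 255, a missing octet) would otherwise produce a rule that iptables refuses to load.

```shell
#!/bin/sh
# Added example (not from the thread): turn a text blocklist into iptables rules.
# File format (path /etc/blockips.txt is an assumption): one entry per line,
# either 192.0.2.7, 198.51.100.0/24 or 203.0.113.0-203.0.113.255; blank lines
# and '#' comments are ignored.
set -f   # the file holds data, never glob patterns

# is_octet N: succeeds if N is an integer 0..255
is_octet() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 3 ] && [ "$1" -le 255 ]
}

# is_ipv4 A.B.C.D: exactly four valid octets, no leading or trailing dot
is_ipv4() {
  case "$1" in .*|*.) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do is_octet "$o" || return 1; done
}

# is_cidr A.B.C.D/N: address plus a prefix length 0..32
is_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  is_ipv4 "${1%/*}" && is_octet "${1#*/}" && [ "${1#*/}" -le 32 ]
}

# is_range A.B.C.D-E.F.G.H: two addresses, start and end
is_range() {
  case "$1" in *-*) ;; *) return 1 ;; esac
  is_ipv4 "${1%-*}" && is_ipv4 "${1#*-}"
}

# rule_for ENTRY: print the iptables command for one entry; fail if malformed.
# -s only takes address[/prefix]; a start-end range needs the iprange match.
rule_for() {
  if is_ipv4 "$1" || is_cidr "$1"; then
    printf 'iptables -A BLOCKLIST -s %s -j DROP\n' "$1"
  elif is_range "$1"; then
    printf 'iptables -A BLOCKLIST -m iprange --src-range %s -j DROP\n' "$1"
  else
    return 1
  fi
}

# gen_rules FILE: print the complete rule script for FILE. The rules live in
# their own chain so the list can be flushed and reloaded without touching the
# rest of INPUT; malformed lines are reported on stderr and skipped.
gen_rules() {
  printf 'iptables -N BLOCKLIST 2>/dev/null || iptables -F BLOCKLIST\n'
  printf 'iptables -C INPUT -j BLOCKLIST 2>/dev/null || iptables -I INPUT 1 -j BLOCKLIST\n'
  while IFS= read -r line || [ -n "$line" ]; do
    entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
    [ -n "$entry" ] || continue
    rule_for "$entry" || printf 'skipping malformed entry: %s\n' "$entry" >&2
  done < "$1"
}

# Review first, then apply as root:
#   gen_rules /etc/blockips.txt          # prints the commands
#   gen_rules /etc/blockips.txt | sh     # applies them
```

Before piping the output into `sh`, grep your own management address against the list: a range that happens to cover it locks you out of the box, and the jump is inserted at the top of INPUT so nothing earlier rescues you. If that happens from a console, `iptables -F BLOCKLIST` empties the chain without touching the rest of the firewall.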
  3. ryanvade
  4. Luis Pena
    @DevynCJohnson awesome info, I assume the / does the range trick?
  5. Luis Pena
  6. DevynCJohnson
    I have never tried it, but I heard that it works. Please let us know if it does.
  7. Tiger Computing
    You really don't want to allow root ssh logins at all, so it's good that you've disabled them. Changing the port ssh listens on is also a good move.

    You can automate the blocking of failed logins: take a look at fail2ban (there's an article about it on HowtoForge).

    Let us know if you still have problems.

    The Tigers
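As an added illustration of the fail2ban suggestion (this is not configuration from the thread or from the fail2ban project), a minimal jail.local for an SSH server that has been moved off port 22. The port, the allow-listed address and the log path are assumptions; /var/log/secure is where Fedora writes sshd's auth messages. The point to check is the port line: the sshd jail's default port is "ssh" (22), so after changing the listening port the bans would otherwise be written for a port nobody is attacking.

```ini
# /etc/fail2ban/jail.local   (added example; paths and values are assumptions)
[DEFAULT]
# Ban for an hour after 5 failures within 10 minutes.
bantime  = 3600
findtime = 600
maxretry = 5
# Never ban localhost or the admin's own address (203.0.113.10 is a placeholder),
# so a mistyped password cannot lock you out of your own server.
ignoreip = 127.0.0.1/8 203.0.113.10

[sshd]
enabled = true
# Must match the Port line in sshd_config; the jail default is "ssh" (22).
port    = 2222
logpath = /var/log/secure
```

fail2ban reacts to repeated failures from a single address, which complements rather than replaces a static range list: a slow scanner that tries once per hour from thousands of addresses never reaches maxretry, while a whole hostile /16 in the iptables list is dropped before sshd ever logs anything.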
  8. grim76
    I looked into blocking ranges. The easiest way would be using ipsets. It works with iptables and is easy to work with.

    Ipsets are also dynamic so you can add and remove from them without having to reload your entire firewall table.
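To show the ipset approach described above in working form, here is an added example (not code from the thread) that builds an `ipset restore` script from the same kind of text file and hooks the set into iptables with a single rule. The set name "blocklist" and the path /etc/blockips.txt are assumptions. The list is loaded into a temporary set and then swapped with the live one, so a reload never leaves a window in which the live set is empty, and because the iptables rule references the set by name it is written once and never has to change when the list does. The shape check here is deliberately light: ipset itself rejects an octet above 255 or a bad prefix length when the script is restored.

```shell
#!/bin/sh
# Added example (not from the thread): load a text blocklist into an ipset and
# drop matching sources with one iptables rule. The set name "blocklist" and
# the file path /etc/blockips.txt are assumptions.

# is_net ENTRY: A.B.C.D or A.B.C.D/N; value ranges are left to ipset to check.
is_net() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# restore_script FILE SET: print an "ipset restore" script that fills SET_tmp
# from FILE and then swaps it into place as SET. hash:net stores both single
# hosts and prefixes. Malformed lines are reported on stderr and skipped.
restore_script() {
  file=$1; set_name=$2; tmp="${set_name}_tmp"
  printf 'create %s hash:net family inet\n' "$set_name"
  printf 'create %s hash:net family inet\n' "$tmp"
  printf 'flush %s\n' "$tmp"
  while IFS= read -r line || [ -n "$line" ]; do
    entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
    [ -n "$entry" ] || continue
    if is_net "$entry"; then
      printf 'add %s %s\n' "$tmp" "$entry"
    else
      printf 'skipping malformed entry: %s\n' "$entry" >&2
    fi
  done < "$file"
  # swap is atomic from the packet path's point of view: no empty-set window.
  printf 'swap %s %s\n' "$tmp" "$set_name"
  printf 'destroy %s\n' "$tmp"
}

# hook_rule SET: the one iptables rule that drops every source in SET. -C checks
# whether it is already present so re-running does not stack duplicates.
hook_rule() {
  printf 'iptables -C INPUT -m set --match-set %s src -j DROP 2>/dev/null || iptables -I INPUT 1 -m set --match-set %s src -j DROP\n' "$1" "$1"
}

# As root. -exist makes the "create" lines harmless when the sets already exist:
#   restore_script /etc/blockips.txt blocklist | ipset -exist restore
#   hook_rule blocklist | sh
# Later reloads only need the first line; the rule keeps pointing at the set.
# Inspect with "ipset list blocklist"; "ipset test blocklist 203.0.113.9"
# tells you whether one address is covered.
```

ipset rules are not persisted by the kernel across reboots any more than iptables rules are; on Fedora the set has to be restored before the iptables rule that references it, or the rule load fails with "Set blocklist doesn't exist". Whatever service or script restores the firewall at boot should run the restore step first.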
  9. Luis Pena
    Okay, will do.
  10. Luis Pena
    Thanks, will try this too!
  11. grim76
    There is a service out there that you can use via scripts to pull down an "Internet IP Blacklist". I have never used those services, but they might be beneficial for you.

    We are doing the reverse here. We are blocking everything and only allowing the IPs that we whitelist.