Banning IPs with DenyHosts and iptables

Posted in Security on February 29th, 2008 by kurtymckurt

If you’re looking for a nice way to automatically ban an IP address without typing the iptables command yourself, here’s a script to get you started. It parses the /etc/hosts.deny file (where DenyHosts records the hosts it has banned) and blocks each listed address with iptables.


#!/bin/bash

ROOT_UID=0
E_NOTROOT=67

# iptables needs root; bail out early with a distinct exit code otherwise.
if [ "$UID" != "$ROOT_UID" ]; then
    echo "Must be root to run this script."
    exit $E_NOTROOT
fi

# Start from a clean slate so re-running never stacks duplicate rules.
# Note: with no chain name, -F flushes every rule in the filter table,
# not only the DROP rules this script added.
iptables -F

echo "The following ips are blocked: " 1> /var/log/block.log

# hosts.deny lines look like "sshd: 1.2.3.4"; skip comments and keep the host field.
for x in $(grep -v '^#' /etc/hosts.deny | cut -d ':' -f 2); do
    /usr/share/.scripts/deny.sh "$x" >> /var/log/block.log
done

exit 0

For ease of use, that script calls another script called deny.sh.


#!/bin/bash

ROOT_UID=0
E_NOTROOT=67

if [ "$UID" != "$ROOT_UID" ]; then
    echo "Must be root to run this script."
    exit $E_NOTROOT
fi

# Insert a DROP rule for the single address passed as $1.
iptables -I INPUT -s "$1" -j DROP

if [ $? != 0 ]; then
    echo "block did not work on $1"
    exit 1
fi

echo "$1 was blocked."
exit 0

Notice that the script first flushes all the currently blocked IP addresses so that you don’t accidentally block the same IP address many times. That could cause many problems if you’re trying to unblock someone. Keep in mind that a bare iptables -F empties every rule in the filter table, so any other firewall rules you keep there will need to be reapplied afterwards.
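Here is an added example (my own, not part of the original post) that keeps the same idea but avoids the whole-table flush: the block list lives in its own chain, so refreshing it flushes only that chain. It assumes hosts.deny lines in the form DenyHosts writes, "daemon: host [host ...]", and assumes a chain name of DENYHOSTS. Hostnames and malformed addresses are skipped rather than handed to iptables, and the iptables commands are printed instead of executed so the script can be dry-run safely; pipe the output into sh as root to apply it.

```shell
#!/bin/sh
# Added example, not the original post's script: build a DROP list from
# /etc/hosts.deny inside a dedicated chain instead of flushing the filter table.

# Print the unique, well-formed IPv4 addresses named in a hosts.deny file.
# Comments are stripped, blank lines skipped, and the client list (the field
# after the first ':') may hold several hosts separated by spaces or commas.
parse_hosts_deny() {
    sed -e 's/#.*//' "$1" \
    | awk -F: '
        function valid_ipv4(h,   o, k) {
            if (split(h, o, ".") != 4) return 0
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9][0-9]?[0-9]?$/ || o[k] + 0 > 255) return 0
            return 1
        }
        NF >= 2 {
            n = split($2, hosts, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (valid_ipv4(hosts[i])) print hosts[i]
        }' \
    | sort -u
}

# Emit the iptables commands that (re)build the block list in its own chain
# (assumed name: DENYHOSTS). Only that chain is flushed, so unrelated rules
# in INPUT survive a refresh. Nothing is executed here; the caller decides.
build_rules() {
    file="$1"
    chain="${2:-DENYHOSTS}"
    echo "iptables -N $chain 2>/dev/null || true"
    echo "iptables -C INPUT -j $chain 2>/dev/null || iptables -I INPUT -j $chain"
    echo "iptables -F $chain"
    parse_hosts_deny "$file" | while IFS= read -r ip; do
        echo "iptables -A $chain -s $ip -j DROP"
    done
}

# Usage: ./deny_from_hosts.sh /etc/hosts.deny [CHAIN]  (prints the commands)
#        ./deny_from_hosts.sh /etc/hosts.deny | sudo sh  (applies them)
if [ "$#" -gt 0 ]; then
    build_rules "$1" "$2"
fi
```

Because the first two printed commands are idempotent (the chain is created only if missing and hooked into INPUT only once), the script can run from cron after every DenyHosts update without accumulating rules.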
Have fun and be safe!