How would you script the temporary IP banning on Linux?
by postcd from LinuxQuestions.org on (#5K9S7)
If I want to ban an external IP on INPUT with iptables v1.8.7 on my Linux box for 24 hours from now, how do I do it?
I have found https://serverfault.com/questions/27...s-rules-expire
and https://ipset.netfilter.org/iptables...sions.man.html shows
Quote:
    time
    This matches if the packet arrival time/date is within a given range. All options are optional, but are ANDed when specified. All times are interpreted as UTC by default.
    --datestart YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
    --datestop YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
    Only match during the given time, which must be in ISO 8601 "T" notation. The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07. If --datestart or --datestop are not specified, it will default to 1970-01-01 and 2038-01-19, respectively.
$ date --iso-8601=hours
2021-06-20T16+05:00
It seems to be showing the timezone. I can do: "$ date --iso-8601=minutes|head -c 16"
After wasting some more time, my idea for the command is:
Quote:
    sudo iptables -I INPUT -s 1.2.3.4 -m time --datestop "$(date --date='+24 hours' --iso-8601=minutes|head -c 16)" -j DROP
    (hours can be replaced by minutes etc.)
It bans the IP. The iptables -S output:
Quote:
    -A INPUT -s 1.2.3.4/32 -m time --datestop 2021-06-20T16:11:00 -j DROP
But after the time expires, the entry remains in iptables, and I think that it prevents connections even after the defined time, because after I removed the rule (by replacing -I with -D), connections from that IP appeared.
Method B may be to use ipset instead of iptables:
Install the "ipset" package
sudo ipset create badips iphash maxelem 1000111222 timeout 0
sudo ipset add badips 1.2.3.4 timeout 86400
iptables -I INPUT -m set --match-set badips src -j DROP
save iptables (various distros, various commands - yes stupid), maybe: iptables-save > /etc/sysconfig/iptables; service iptables save
(not tried yet)
How would you block the IP with iptables for 24 hrs better?
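An added example, not postcd's code, that scripts both methods from the post with two fixes a practitioner would want. First, the man page text quoted above says the time match interprets times as UTC by default, so a local-time value from `date --iso-8601` (which is what `head -c 16` truncates) lands the stop time several hours off in any timezone other than UTC; the script renders `--datestop` in UTC instead (the alternative is the time match's `--kerneltz` option). Second, a time-match rule is never removed by the kernel, it only stops matching, whereas an ipset entry with its own timeout is deleted when it expires, so `ban_ip` uses the ipset route and only installs the set-match rule once. The script assumes GNU `date` (for `-d "@epoch"`), iptables 1.8.x with the time and set matches, and the `ipset` tool; `SET_NAME`, `DRY_RUN` and the function names are chosen here for illustration, and the address 1.2.3.4 is the post's own placeholder.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumes GNU date (for -d "@epoch"),
# iptables 1.8.x with the xt_time and xt_set matches, and the ipset tool.
# SET_NAME and DRY_RUN are names chosen here for illustration.

SET_NAME="${SET_NAME:-badips}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the firewall commands; 0 = execute them (needs root)

# Print or execute one firewall command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$1"
    else
        sh -c "$1"
    fi
}

# Accept only a plain dotted quad so nothing else ever reaches the iptables command line.
validate_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# The xt_time match compares against UTC unless --kerneltz is given, so render the
# stop time in UTC rather than truncating the local-time output of `date --iso-8601`.
# datestop_utc BASE_EPOCH HOURS -> "YYYY-MM-DDThh:mm" (UTC)
datestop_utc() {
    stop=$(( $1 + $2 * 3600 ))
    date -u -d "@$stop" +%Y-%m-%dT%H:%M
}

# Method A from the post with a UTC-correct --datestop. The rule stays in the
# ruleset after the stop time; only its matching stops, so it needs separate cleanup.
# time_rule IP BASE_EPOCH HOURS
time_rule() {
    validate_ipv4 "$1" || return 1
    echo "iptables -I INPUT -s $1 -m time --datestop $(datestop_utc "$2" "$3") -j DROP"
}

# Method B: a per-entry ipset timeout. The kernel deletes the entry itself when it
# expires, and re-adding an address simply refreshes its timeout.
# ban_ip IP [SECONDS]   (default 86400 = 24 hours)
ban_ip() {
    ip="$1"; seconds="${2:-86400}"
    validate_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 1; }
    # timeout 0 on the set means entries live forever unless given their own timeout.
    run "ipset create $SET_NAME hash:ip timeout 0 -exist"
    run "ipset add $SET_NAME $ip timeout $seconds -exist"
    # -C tests for the rule first so repeated calls do not stack duplicate DROP rules.
    run "iptables -C INPUT -m set --match-set $SET_NAME src -j DROP 2>/dev/null || iptables -I INPUT -m set --match-set $SET_NAME src -j DROP"
}

# Demo with the post's placeholder address and a fixed base time
# (epoch 1624200000 = 2021-06-20T14:40Z), printed rather than executed.
if [ "${1:-}" = "demo" ]; then
    time_rule 1.2.3.4 1624200000 24
    ban_ip 1.2.3.4 86400
fi
```

Run it as `sh ban.sh demo` to see the commands it would issue; set `DRY_RUN=0` and run as root to apply them. Because the ipset timeout is per entry, `ipset list badips` shows the remaining seconds for each address, which is the check that the ban really does lapse; with the time-match variant the only way to confirm expiry is to notice the rule is still listed in `iptables -S` and remove it by hand.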