Iptables Bash Shell Cleanup Script
The following script removes duplicate entries from your iptables banlist by first removing all the entries, making the list unique (and sorted), and then adding them to iptables again. As extra insurance, you may want to add your server's or home IP to the sed delete line to protect against … accidents:
#!/bin/bash
# Collect the source addresses of the existing DROP rules in INPUT, drop anything
# matching the protected prefixes (add your own server / home IP to this list),
# and write the unique, sorted result out.
/sbin/iptables -L INPUT -n | awk '$1 == "DROP" { print $4 }' | sed '/^\(127\|localhost\|loopback\|0\.\|192\.\|your_ips_here\).*$/d' | sort -u > /root/ips
# Flush the INPUT chain (this removes every rule in it, not only bans), then re-add one DROP per unique address.
/sbin/iptables -F INPUT
for ip in $(cat /root/ips); do
    /sbin/iptables -A INPUT -s "$ip" -j DROP
done
/sbin/iptables -L INPUT -n
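As an added example (not the post's own script), here is the same dedup step split from the destructive flush so it can be dry-run against saved `iptables -L INPUT -n` output before anything is touched; the PROTECTED pattern and the 203.0.113.10 "own IP" placeholder are assumptions, and the sample chain listing is constructed.

```shell
#!/bin/bash
# Added example, not the post's script: parse the banlist, filter protected
# addresses and print the rebuild commands instead of executing them.
# PROTECTED is an assumed list of prefixes never re-added as DROP rules;
# 203.0.113.10 stands in for your own server / home IP.
PROTECTED='^(127\.|0\.|192\.168\.|203\.0\.113\.10$)'

# Read `iptables -L INPUT -n` output on stdin; print the unique, sorted set of
# source addresses that currently have a DROP rule, minus protected ones.
banned_sources() {
    awk '$1 == "DROP" { print $4 }' \
      | grep -Ev "$PROTECTED" \
      | sort -u
}

# Emit the commands that would rebuild the banlist (one DROP per address).
# Prints rather than runs them so the list can be reviewed before a flush.
rebuild_commands() {
    banned_sources | while IFS= read -r ip; do
        printf '/sbin/iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample of `iptables -L INPUT -n` output: a duplicated ban, a
# non-DROP rule, a loopback entry and the placeholder "own" IP.
SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  198.51.100.7         0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  198.51.100.7         0.0.0.0/0
DROP       all  --  127.0.0.1            0.0.0.0/0
DROP       all  --  203.0.113.10         0.0.0.0/0
DROP       all  --  192.0.2.200          0.0.0.0/0'

# Run the filter over the sample; expected output is the two non-protected
# addresses, each once: 192.0.2.200 and 198.51.100.7.
run_sample() { printf '%s\n' "$SAMPLE" | banned_sources; }
```

Pipe real output into the functions (`/sbin/iptables -L INPUT -n | rebuild_commands`) to see exactly which rules would be re-added before running any flush.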
I accidentally hosed my server for the last, oh, 30m or so by screwing around with iptables as root. After it came up, I added the sed rules to make sure I didn’t accidentally do it again, and then scheduled the cleanup job to run every 8 hours:
crontab -l
0 */8 * * * /root/iptables-clean.sh
Hope this helps someone out there having trouble managing their server…
This entry was posted on Thursday, April 12th, 2007 at 12:26 am.