Tags » Iptables

block countries with iptables

# block countries with iptables, based on lists of each country's IP ranges

# download the archive of per-country IP range lists
rm -rf /tmp/all-zones*; wget -nc http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz -P /tmp

mkdir -p /tmp/all-zones; tar -xzvf /tmp/all-zones.tar.gz -C "$_"

# lowercase ISO codes of the countries to block, matching the .zone file names
# (placeholder values, not from the original post)
COUNTRIES_ISO_CODE_LIST=(xx yy)

for country_iso_code in "${COUNTRIES_ISO_CODE_LIST[@]}"; do

  # each line of the zone file is one IP range
  for country_ip in $( cat "/tmp/all-zones/$country_iso_code.zone" ); do
    echo "creating rules to $country_iso_code $country_ip"
    /sbin/iptables -A INPUT -s "$country_ip" -m comment --comment "rule to $country_iso_code country" -j DROP
  done
done

filter the IPs in the 5th column of the log and block them

cut -d' ' -f5 /var/log/ips.log | sort | uniq | xargs -I% iptables -A INPUT -s % -m comment --comment "block IP that attack site" -j DROP

Iptables configuration in Linux detail tutorial Part-1

This is my first tutorial on Firewall configuration in Linux using IPTABLES. In this tutorial we will learn how to use and configure iptables to secure any server or any network. We will learn to secure server and network infrastructure.


iptables: delete specific rule

You can list the existing iptables rules along with their line numbers with:

iptables -L --line-numbers

The output will be as follows:

Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
2 KUBE-FIREWALL all -- anywhere anywhere
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 ACCEPT udp -- anywhere anywhere udp dpt:bootps
6 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps


Running a custom startup script in CentOS / RHEL 7

Hi All,

During my work at Adroitlogic, in one of my tasks I had to start & configure a set of EC2 machines which included our B2B AS2 integration solution…


Enabling Nutanix "Stargate" I/O statistics page access with allssh command, AOS 5.5 edition

Finally got my hands on AOS 5.5 and upgraded our lab Nutanix cluster to this version.

In my earlier post I described how to manipulate “iptables” rules to allow access to “Stargate” or “port 2009” pages.


sum iptables counter rules

iptables -nvxL INPUT | awk '{n+=$1} END {print n}'