Please note that using
iptables -A INPUT -s $line -j DROP
is appending your rule to the end of INPUT rules. This can be a problem if the INPUT chain has any other rules that have been applied before.
To ban an IP it is better to prepend the rule at the beginning:
iptables -I INPUT 1 -s $line -j DROP
Although I prefer to create a custom chain for them, so you can prepend your custom chain to the beginning of INPUT and append IPs safely to it:
iptables -N bannejats
iptables -A bannejats -j RETURN
# No line number specified because -I defaults to 1 :)
iptables -I INPUT -p tcp -j bannejats
while IFS= read -r line; do
    iptables -I bannejats 1 -s "$line" -j REJECT --reject-with icmp-port-unreachable
    # Appending (-A) here would place the rule after the RETURN above,
    # so it would never be reached; keep inserting at position 1.
done < "$input"
(A note on Drop versus Reject chiark.greenend.org.uk/~peterb/net...)
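As an added example (not part of the original answer or of iptables itself), here is a POSIX shell script that turns a ban-list file into the iptables commands for the custom-chain layout above. It validates each entry as an IPv4 address or CIDR prefix and skips blank lines and comments, so a malformed line in the list cannot turn into a wrong or failing rule. The chain name `bannejats` follows the answer; the function names, the list-file path and the sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: generate iptables commands for a custom ban chain from a list file.
# Assumed layout: chain "bannejats" hooked at the head of INPUT, RETURN at its tail,
# new ban rules always inserted at position 1 so they sit before the RETURN.

# is_ipv4_cidr ADDR : succeeds if ADDR is a dotted-quad IPv4 address,
# optionally followed by /0 .. /32.
is_ipv4_cidr() {
    addr=${1%/*}
    prefix=${1#"$addr"}
    prefix=${prefix#/}
    if [ -n "$prefix" ]; then
        case $prefix in *[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    # Only digits and dots, no leading/trailing/double dots.
    case $addr in *[!0-9.]*|.*|*.|*..*|'') return 1 ;; esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# build_ban_rules LISTFILE [CHAIN] : print the iptables commands to stdout.
# Invalid entries are reported on stderr and skipped. Intended for a fresh
# chain; re-running it on an existing chain would duplicate the RETURN rule.
build_ban_rules() {
    list=$1
    chain=${2:-bannejats}
    printf 'iptables -N %s\n' "$chain"
    printf 'iptables -A %s -j RETURN\n' "$chain"
    printf 'iptables -I INPUT 1 -p tcp -j %s\n' "$chain"
    set -f   # no globbing while we word-split list lines
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}          # drop trailing comments
        set -- $line              # first whitespace-separated token
        [ -n "${1:-}" ] || continue
        if is_ipv4_cidr "$1"; then
            printf 'iptables -I %s 1 -s %s -j REJECT --reject-with icmp-port-unreachable\n' \
                "$chain" "$1"
        else
            printf 'skipping invalid entry: %s\n' "$1" >&2
        fi
    done < "$list"
    set +f
}

# Stand-alone demo with a constructed ban list (TEST-NET addresses, RFC 5737).
demo_list=$(mktemp)
printf '203.0.113.7\n# a comment\n\n198.51.100.0/24   # whole range\n999.1.1.1\n' > "$demo_list"
build_ban_rules "$demo_list" bannejats
rm -f "$demo_list"
```

To apply the generated rules on a host, run it as root and pipe the output into the shell (`build_ban_rules bans.txt | sh`); reviewing the printed commands first is the point of generating them rather than executing iptables inside the loop.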