re: Analyzing the Attacks on my Website VIEW POST


Please note that using

iptables -A INPUT -s $line -j DROP

is appending your rule to the end of INPUT rules. This can be a problem if the INPUT chain has any other rules that have been applied before.

To ban an IP is better to prepend the rule at the beginning:

iptables -I INPUT 1 -s $line -j DROP

Althoug I prefer to create a custom chain for them, so you can prepend your custom chain to the beginning of INPUT, and append ips safely to it:

iptables -N bannejats
iptables -A bannejats -j RETURN
# No line specified because it defaults to 1 :)
iptables -I INPUT -p tcp -j bannejats

while IFS= read -r line
  iptables -I bannejats 1 -s $line -j REJECT --reject-with icmp-port-unreachable
  # Or also safe now because bannejats is on head
  # iptables -A bannejats -s $line -j DROP
done < "$input"

(A note on Drop versus Reject chiark.greenend.org.uk/~peterb/net...)

Code of Conduct Report abuse