
How to block IP addresses from a blacklist with netfilter/iptables: a PeerBlock equivalent under GNU/Linux

This how-to shows how to use the netfilter firewall, driven by iptables, to block IP addresses taken from a blacklist file, as PeerBlock does under Windows.

Intro

Configuration

  • OS : Arch Linux (kernel 3.19.2)
  • iptables : v1.4.21

Commands

Download a black list

We can download a list from www.iblocklist.com; for example, the PrimaryThreats list here. The file has to be unzipped and reformatted before iptables can use it: each iblocklist entry looks like "name:first_ip-last_ip", while the iptables iprange match only wants the "first_ip-last_ip" part.

  • Unzip the file :
root@host:~# unzip file.zip
  • Format the list : keep only the range part of each line (cut -f2 assumes the entry name contains no colon), then strip the Windows carriage return at the end of each line so it is not passed to iptables :
root@host:~# cut -d ":" -f2 PrimaryThreats.txt | grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" > PrimaryThreats_V2.txt
root@host:~# sed -i 's/\x0D$//' PrimaryThreats_V2.txt
  • Add the ranges to the netfilter firewall, one DROP rule per range (-I inserts every rule at the top of the INPUT chain) :
root@host:~# while read -r i; do echo "$i"; iptables -I INPUT -m iprange --src-range "$i" -j DROP; done < PrimaryThreats_V2.txt
  • The following rules let standard traffic through without being checked against the blacklist: replies to TCP connections we opened ourselves (ephemeral ports, plus the usual HTTP, HTTPS and DNS server ports) and loopback traffic. Since -I inserts at the top of the chain, these ACCEPT rules end up in front of the DROP rules. Two caveats: a reply from a blacklisted range to a connection we initiated is therefore still accepted (nothing here filters the OUTPUT chain), and the exceptions are TCP only, so UDP traffic, DNS over UDP included, is still matched against the blacklist :
root@host:~# iptables -I INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
root@host:~# iptables -I INPUT -p tcp -m multiport --sports 80,443,53 -m state --state ESTABLISHED,RELATED -j ACCEPT
root@host:~# iptables -I INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
  • We can check which rules have actually matched packets: list the chain with counters and hide the rules whose packet count is still 0 :
root@host:~# iptables -L -n -v | tr -s " " | grep -v "^ 0"
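The whole procedure above as one script. This is an added example, not code from the original article: it reads a small constructed list embedded in the script (RFC 5737 documentation addresses, not a real threat list), formats it the way the cut/grep/sed steps do, and prints the iptables commands it would run; with MODE=apply and root it runs them instead. Two things differ from the one-liners above by design: the range is taken as the last colon-separated field, so entry names that themselves contain ':' still work, and the DROP rules go into a dedicated BLOCKLIST chain hooked into INPUT instead of straight into INPUT, so the list can be unloaded or reloaded cleanly. The chain name BLOCKLIST, the MODE variable and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): build iptables DROP rules
# from an iblocklist-style text list. Dry run by default; MODE=apply as root
# loads the rules for real.
set -u

MODE="${MODE:-print}"

# Constructed sample in the iblocklist "name:first_ip-last_ip" format, with
# CRLF line endings, a comment line, a blank line, a name that contains ':'
# and a line carrying no range at all. The addresses are RFC 5737
# documentation ranges, not a real threat list.
SAMPLE_LIST="$(printf '# constructed sample, not a real list\r\nSome Org:192.0.2.0-192.0.2.255\r\nOrg:With:Colons:198.51.100.10-198.51.100.20\r\n\r\nno range on this line\r\n203.0.113.5-203.0.113.5\r\n')"

# Read a list on stdin and print one "first-last" IPv4 range per line.
# Taking the last ':'-separated field (awk $NF) instead of `cut -f2` keeps
# the range when the entry name itself contains a colon; stripping CR first
# avoids handing "a.b.c.d-e.f.g.h\r" to iptables.
format_blocklist() {
    tr -d '\r' \
      | grep -v '^#' \
      | awk -F: 'NF { print $NF }' \
      | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}-[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Execute a command when MODE=apply, otherwise just print it (dry run).
run() {
    if [ "$MODE" = apply ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Read ranges on stdin, put one DROP rule per range into a dedicated
# BLOCKLIST chain, then hook that chain into the top of INPUT. Keeping the
# list in its own chain lets it be flushed and reloaded without touching
# the other INPUT rules. (-N fails if the chain already exists: run
# blocklist_clear first when reloading.)
blocklist_rules() {
    run iptables -N BLOCKLIST
    while IFS= read -r range; do
        run iptables -A BLOCKLIST -m iprange --src-range "$range" -j DROP
    done
    run iptables -I INPUT -j BLOCKLIST
}

# Undo everything blocklist_rules added; order matters (unhook, flush, delete).
blocklist_clear() {
    run iptables -D INPUT -j BLOCKLIST
    run iptables -F BLOCKLIST
    run iptables -X BLOCKLIST
}

# Stand-alone: dry-run the constructed sample, or a real list when a file is
# given (e.g. "MODE=apply sh blocklist.sh PrimaryThreats.txt" as root).
if [ $# -gt 0 ]; then
    format_blocklist < "$1" | blocklist_rules
else
    printf '%s\n' "$SAMPLE_LIST" | format_blocklist | blocklist_rules
fi
```

Run without arguments it prints the iptables commands for the three usable entries of the sample (the comment, the blank line and the line without a range are dropped). It is IPv4 only, like the article's rules; IPv6 ranges would need ip6tables. Keep in mind that a list with tens of thousands of ranges produces as many rules, which every incoming packet walks linearly; that is acceptable on a desktop but the scalable tool for large lists is ipset, which the article does not cover.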
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
