
simple iptables bash script with whitelist ip file

A simple Linux bash script that builds iptables rules from a file of whitelisted IPs and blocks all other inbound traffic




  Overview: iptables with an IP whitelist file

    This article provides a simple bash script that generates iptables rules to block all inbound requests and allow only the IPs listed in a file named whitelist.txt. Because everything not whitelisted is dropped, this also blocks SIP scanners.


    iptables is a Linux command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a matching rule in its list.

  Steps to be followed

    Step 1 : Creating the whitelist file

    Log in to your Linux SSH console using PuTTY or the server console directly, then run the commands below.

Create a folder named firewall and an empty file named whitelist.txt:

mkdir /usr/src/firewall
touch /usr/src/firewall/whitelist.txt

    Step 2 : Entering the list of allowed IPs

Edit the whitelist.txt file and add the IPs to be allowed, one per line:

vi /usr/src/firewall/whitelist.txt
1.1.1.1
2.2.2.2
3.3.3.3


Save and exit.

    Step 3 : Locate the iptables path

Type the commands below:
which iptables
which iptables-save


The output will look like this:

/sbin/iptables
/sbin/iptables-save

Copy the output; we will substitute these paths into the bash script in the next step.

    Step 4 : Iptables Bash script

Create a new file named firewall.sh, paste in the script below, and replace the iptables paths with the ones found in Step 3.


vi /usr/src/firewall/firewall.sh

Copy and paste the following script:

#!/bin/bash
# allowed ip file location
WHITELIST=/usr/src/firewall/whitelist.txt
#
## Specify where iptables is located (use the paths printed by "which" in Step 3)
#
IPTABLES=/sbin/iptables
IPTABLES_SAVE=/sbin/iptables-save
#
## Save current iptables running configuration in case we want to revert back
## To restore using our example we would run "/sbin/iptables-restore < /usr/src/iptables.last"
#
$IPTABLES_SAVE > /usr/src/iptables.last
#
## Clear current rules
#
## If current INPUT policy is set to DROP we will be locked out once we flush the rules
## so we must first ensure it is set to ACCEPT.
#
$IPTABLES -P INPUT ACCEPT
echo 'Setting default INPUT policy to ACCEPT'
$IPTABLES -F
echo 'Clearing Tables F'
$IPTABLES -X
echo 'Clearing Tables X'
$IPTABLES -Z
echo 'Clearing Tables Z'
# Always allow localhost. Match on the loopback interface rather than on the
# 127.0.0.1 source address so that packets spoofing 127.0.0.1 on other
# interfaces are not accepted.
echo 'Allowing Localhost'
$IPTABLES -A INPUT -i lo -j ACCEPT
# Allow replies to connections this host initiated
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH from any address (see the note below; remove this line to limit SSH to the whitelist)
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
#
## Whitelist: one IP (or CIDR block) per line, lines beginning with # are comments
#
for x in $(grep -v '^#' "$WHITELIST" | awk '{print $1}'); do
    echo "Permitting $x..."
    $IPTABLES -A INPUT -s "$x" -j ACCEPT
done
# Block all other traffic
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
#
## Print the resulting ruleset. iptables-save only writes to standard output;
## it does not persist anything, so the rules are re-applied after a reboot
## using the method in Step 8.
#
$IPTABLES_SAVE

Note: replace the following two lines with the paths from the output of Step 3:
IPTABLES=/sbin/iptables
IPTABLES_SAVE=/sbin/iptables-save

The line below allows SSH on port 22 from every IP address. If you do not want this, remove or comment out that line (SSH will then be accepted only from the whitelisted IPs).

$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

    Step 5 : Make firewall.sh executable

Run the command below to add execute permission to firewall.sh:

chmod +x /usr/src/firewall/firewall.sh

    Step 6 : Running the script

Type the full path of the file as shown below:

/usr/src/firewall/firewall.sh

    Step 7 : Check the iptables rules

Run the iptables command below to list the active rules:

iptables -L -n

    Step 8: Persist the rules after reboot.

After a reboot the iptables rules may be lost, because the script only changes the running ruleset. To avoid that, either call firewall.sh from the startup script /etc/rc.d/rc.local, or run it from a cron job that fires on reboot:

crontab -e
@reboot /usr/src/firewall/firewall.sh
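As an added example (not the blog's firewall.sh and not code from its author), the script below takes Steps 2 to 8 from a safer angle: it reads the same whitelist.txt, rejects any entry that is not a valid IPv4 address or CIDR block, and writes the complete ruleset in iptables-restore format to standard output instead of applying rules one by one. That lets you review the rules before loading them as root, and the saved file is also what a reboot hook can restore. The default whitelist path and SSH port are assumptions (overridable placeholders) for this example.

```shell
#!/bin/bash
# Added example, not the blog's firewall.sh: validate the whitelist and print
# an iptables-restore ruleset rather than applying it. Nothing here needs root.
# Assumptions for this example: the whitelist path and SSH port below are
# placeholders (override with WHITELIST=... / SSH_PORT=... in the environment).
# IPv4 only: ip6tables keeps a separate ruleset, so an INPUT DROP policy here
# does nothing for IPv6 traffic reaching the host.

WHITELIST="${WHITELIST:-/usr/src/firewall/whitelist.txt}"
SSH_PORT="${SSH_PORT:-22}"
CR=$(printf '\r')   # so a whitelist saved with Windows line endings still parses

# is_ipv4_cidr ADDR: succeed only for "a.b.c.d" or "a.b.c.d/nn" with every
# octet in 0-255 and the prefix in 0-32. A typo such as "1.2.3" or a stray
# word would otherwise make iptables abort part-way through loading.
is_ipv4_cidr() {
    local addr="$1" ip prefix octet IFS
    case "$addr" in
        */*) ip="${addr%/*}"; prefix="${addr#*/}" ;;
        *)   ip="$addr";      prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    # reject leading/trailing dots, empty fields and anything but four fields
    case "$ip" in
        .*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    IFS=.
    set -- $ip
    for octet in "$@"; do
        case "$octet" in *[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules FILE: print an iptables-restore ruleset equivalent to the blog's
# firewall.sh. Blank lines and "#" comments (whole-line or trailing) are
# skipped; the first invalid entry stops generation with exit status 1, so a
# bad line never ends up as a half-loaded firewall.
build_rules() {
    local file="$1" line addr
    [ -r "$file" ] || { echo "cannot read whitelist: $file" >&2; return 1; }
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%"$CR"}"      # strip a trailing carriage return
        addr="${line%%#*}"        # drop comments
        set -- $addr              # first whitespace-separated field
        addr="${1:-}"
        [ -n "$addr" ] || continue
        if ! is_ipv4_cidr "$addr"; then
            echo "invalid whitelist entry: '$line'" >&2
            return 1
        fi
        echo "-A INPUT -s $addr -j ACCEPT"
    done < "$file"
    echo 'COMMIT'
}

# Usage: ./gen-rules.sh [whitelist-file] > firewall.rules
# With no argument nothing is generated, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    build_rules "$1" || exit 1
fi
```

Run it as "./gen-rules.sh /usr/src/firewall/whitelist.txt > /usr/src/firewall/firewall.rules", inspect the file, then load it as root with "iptables-restore < /usr/src/firewall/firewall.rules"; the same restore command can be placed in rc.local or the @reboot cron entry. Loading via iptables-restore replaces the whole table atomically, so there is no window between the flush and the new rules during which the INPUT policy is ACCEPT.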

Also see: script to block SSH attacks automatically.




2 comments

  1. shell script to generate iptables with whitelist IPs
    1. I tried this bash script and it is working well, but there is one thing: I was still able to ping the server IP from any external IP address. Is there a way to block pings to the server from external IP addresses, except the ones in the whitelist?