Importing List of Addresses into IP Tables

Andrew Kaplan
Super Advisor

Hi there --

I have a list of addresses from a Shorewall blacklist file, and I would like to import them into my iptables list.

A colleague of mine sent me the following perl script to facilitate the process:

#!/usr/bin/perl
# wall.pl by int0x80
# convert shorewall list to iptables
use strict;

my $config = shift or usage();   # find the config file
my $nic = "eth0";                # change this to your NIC
my @fields = ();                 # parts of each line
my $rule;                        # the iptables rule we build
open(CONF, $config) or die "Cannot open $config: $!\n"; # open the config file for read
while(<CONF>){                   # !EOF
    @fields = split(/ /,$_);     # parse each part (splits on single spaces only, not tabs)
    if($fields[0] !~ /^\s*#/){   # make sure this isn't commented
        chomp($fields[1]);       # clear newline if there

        $rule = "iptables -I INPUT -i ". $nic ." -p ". $fields[1] ." -s ". $fields[0];
        if(length $fields[2] && $fields[2] !~ /^\s*#/){
            $rule = $rule . " -m mport --dports " . $fields[2];
        }

        chomp($rule);            # clear newline if there
        $rule = $rule . " -j DROP"; # finish the rule
        print $rule ."\n";       # print rule
        system($rule);           # insert to filter
    }
} # EOF
close CONF;                      # close the config file

sub usage {
    die "Usage: wall.pl \n";
}

I ran the perl script as root and unfortunately the following output appeared:

iptables -I INPUT -i eth0 -p -s 221.113.7.0/24 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables -I INPUT -i eth0 -p -s 61.0.0.0/8 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified

I did run the script as a non-root user, via the sudo command, and I got output similar to what you saw, the only thing is, there were no changes to the iptables file after it was run.

What change(s) should I make to the script, or is there another way of importing the addresses? Thanks in advance.
A Journey In The Quest Of Knowledge
Steven E. Protter
Exalted Contributor

Re: Importing List of Addresses into IP Tables

Shalom,

Your list is bad.

22,25,53,6000

That's not an IP address.

Garbage in, garbage out.

Clean up the data and your script will work, though Perl is over-engineering in this case: a simple IP address list and a shell script while ... do ... done loop.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
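Added example, not code from either post: the converter rewritten in Python so it can be run and tested here. The printed rules in the question show the whole tab-separated line landing after -p, i.e. split(/ /) never split it, so this version splits on any whitespace, strips comments, validates each field, and passes iptables an argument list rather than a shell string built from file content. It assumes the ADDRESS PROTO PORTS column order of the posted script and uses the standard multiport match in place of mport.

```python
import ipaddress
import re
import shlex
import subprocess

NIC = "eth0"  # interface the rules apply to; change to match your box
PORTS_RE = re.compile(r"\d+(:\d+)?(,\d+(:\d+)?)*")  # e.g. 22,25,53,6000 or 1024:65535
# Constructed sample input, tab-separated like the file the posted script choked on.
SAMPLE_BLACKLIST = """\
#ADDRESS/SUBNET\tPROTOCOL\tPORT
221.113.7.0/24\ttcp\t22,25,53,6000
10.0.0.5
not-an-address\ttcp\t80  # rejected below: never reaches iptables or a shell
"""

def parse_line(line):
    """Return the iptables argv for one blacklist line, or None to skip it."""
    fields = line.split("#", 1)[0].split()  # drop comments, split on ANY whitespace
    if not fields:                           # blank or comment-only line
        return None
    addr, proto, ports = (fields + [None, None])[:3]
    try:                                     # validate instead of trusting the file
        ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return None
    if proto not in (None, "tcp", "udp"):    # only port-carrying protocols make sense here
        return None
    if ports and (not proto or not PORTS_RE.fullmatch(ports)):  # --dports needs -p
        return None
    argv = ["iptables", "-I", "INPUT", "-i", NIC, "-s", addr]
    if proto:
        argv += ["-p", proto]
    if ports:
        argv += ["-m", "multiport", "--dports", ports]  # standard match, not mport
    return argv + ["-j", "DROP"]

def rules_from_text(text):
    return [r for r in map(parse_line, text.splitlines()) if r is not None]

def apply_rules(text, dry_run=True):
    """Return the rules as shell-quoted strings; with dry_run=False also run them."""
    rules = rules_from_text(text)
    if not dry_run:
        for argv in rules:
            subprocess.run(argv, check=True)  # argv list: the shell never parses file content
    return [shlex.join(argv) for argv in rules]

if __name__ == "__main__":
    for cmd in apply_rules(SAMPLE_BLACKLIST):  # dry run; applying for real needs root
        print(cmd)
```

To load a real file, pass `open(path).read()` to `apply_rules(..., dry_run=False)` as root; malformed lines are silently dropped rather than guessed at.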