Showing posts with label ip address. Show all posts

Block consecutive IP addresses using scripts



How to block a long list of consecutive IP addresses?
How to call the linux route command inside a script?
How to block consecutive IP addresses using a bash script or perl script?
How to block local IP addresses permanently?

There are times when a server does not need to listen for or process any TCP/UDP request from a long list of consecutive local IP addresses.

This blog entry provides a starting point for creating server scripts that permanently block a long list of consecutive IP addresses from the server.

To start, launch your favorite editor and create an IPblock.sh bash script with contents similar to the next few lines. This blog entry assumes that you have the bash shell and perl installed on the machine.
In the example below, we are permanently blocking IP addresses from
192.168.0.10 to 192.168.0.254.
Here's a simple sample script that does the job.
#!/bin/bash
echo Blocking started ...

for ((i=10;i<=254;i=i+1)); do
    /sbin/route add -host 192.168.0.$i reject
done
echo Done
This can also be accomplished using a perl script that performs the same function. Create a separate IPblock.pl perl script like so.
#!/usr/bin/perl -w

my $i;
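for ($i=10; $i<=254; $i++ ) {
    # Add a reject route for each host, matching IPblock.sh.
    # Use "del" in place of "add" to remove the routes again.
    system ("/sbin/route add -host 192.168.0.$i reject");
}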
Make sure these scripts are executable by root, like so:
# chmod 700 IPblock.sh
# chmod 700 IPblock.pl
Now, to execute them individually:
# ./IPblock.sh
# ./IPblock.pl
Additionally, reject routes added with the route command do not survive a reboot, so if you need them re-applied regularly you can schedule the above scripts with the crontab utility.





Remote network restart



I guess anyone who's administered several remote boxes has had the unfortunate problem of (when not thinking straight) taking down the network card on a machine you have no physical access to. The result being that the ssh session you used to connect dies. The typical mistake is to do something like (as root):
ifconfig eth0 down; ifconfig eth0 inet 123.4.5.6; ifconfig eth0 up
The unfortunate result is that the first statement disconnects your session and hangs up the chain, so the network never comes back up. A nice way around this is to use the bash "disown" builtin command, i.e.:
(sleep 5; ifconfig eth0 inet 123.4.5.6; ifconfig eth0 up)& disown -h $! ; ifconfig eth0 down

In this case you launch a backgrounded task that is disconnected from the session (meaning the ssh session dying won't kill the process), which sleeps for 5 seconds (to give the down a chance to happen), then configures the network card as appropriate and brings it back up. As soon as this task is launched and disowned, the command line immediately takes the network card down. If the configuration change keeps the IP address the same, you'll find that after 5 seconds your bash prompt just comes back and the session resumes.
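The one-liner above survives the hang-up, but it does not help if the new address itself is wrong. As an added example (not from the original post), the function below extends the same idea with a timed rollback: a watchdog that ignores SIGHUP reverts the change unless a confirmation file appears. The function name, the confirmation file and the command strings are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; apply_with_rollback and its
# arguments are hypothetical names.
#
# apply_with_rollback DELAY CONFIRM_FILE APPLY_CMD ROLLBACK_CMD
#   1. start a background watchdog that ignores SIGHUP, so it keeps running
#      if the SSH session dies (the effect "disown -h" has in bash)
#   2. run APPLY_CMD, also with SIGHUP ignored, so the whole chain completes
#   3. after DELAY seconds the watchdog runs ROLLBACK_CMD unless
#      CONFIRM_FILE exists, i.e. unless the admin got back in and confirmed
apply_with_rollback() {
    delay=$1 confirm=$2 apply=$3 rollback=$4
    rm -f -- "$confirm"
    (
        trap '' HUP                 # ignored signals are inherited by children
        sleep "$delay"
        [ -e "$confirm" ] || sh -c "$rollback"
    ) </dev/null >/dev/null 2>&1 &
    ( trap '' HUP; sh -c "$apply" ) </dev/null
}

# Usage on a real host (as root; interface and address as in the post,
# the old address is a placeholder):
#   apply_with_rollback 60 /root/net.ok \
#     'ifconfig eth0 down; ifconfig eth0 inet 123.4.5.6; ifconfig eth0 up' \
#     'ifconfig eth0 down; ifconfig eth0 inet OLD_ADDRESS; ifconfig eth0 up'
#   touch /root/net.ok    # from the new session, within 60 seconds
```

If you cannot log back in, do nothing: the watchdog restores the old configuration when the delay expires.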




Block Yahoo Messenger, AOL, MSN and ICQ using IPTABLES



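If you’re a network administrator and you’re using Linux on your servers, you can stop the rest of the users from using IM applications by blocking their access to the most-used IM protocols. Hostnames given with -d are resolved once, when the rule is added, so each such rule covers only the addresses the name resolved to at that time.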
ICQ and AOL:
# iptables -A FORWARD -p TCP --dport 5190 -j DROP
# iptables -A FORWARD -d login.oscar.aol.com -j DROP

MSN:
# iptables -A FORWARD -p TCP --dport 1863 -j DROP
# iptables -A FORWARD -d 64.4.13.0/24 -j DROP
Yahoo Messenger:
# iptables -A FORWARD -p TCP --dport 5000:5010 -j REJECT
# iptables -A FORWARD -d cs.yahoo.com -j REJECT
# iptables -A FORWARD -d scsa.yahoo.com -j REJECT




Validating an IP Address in a Bash Script



Here’s a more useful example of using them to test IP addresses for validity.

To belabor the obvious: IP addresses are 32 bit values written as four numbers (the individual bytes of the IP address) separated by dots (periods). Each of the four numbers has a valid range of 0 to 255.

The following bash script contains a bash function which returns true if it is passed a valid IP address and false otherwise. In bash speak true means it exits with a zero status, anything else is false. The status of a command/function is stored in the bash variable “$?”.

#!/bin/bash

# Test an IP address for validity:
# Usage:
#      valid_ip IP_ADDRESS
#      if [[ $? -eq 0 ]]; then echo good; else echo bad; fi
#   OR
#      if valid_ip IP_ADDRESS; then echo good; else echo bad; fi
#
function valid_ip()
{
    local ip=$1
    local stat=1

    if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        OIFS=$IFS
        IFS='.'
        ip=($ip)
        IFS=$OIFS
        [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
            && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
        stat=$?
    fi
    return $stat
}

# If run directly, execute some tests.
if [[ "$(basename "$0" .sh)" == 'valid_ip' ]]; then
    ips='
        4.2.2.2
        a.b.c.d
        192.168.1.1
        0.0.0.0
        255.255.255.255
        255.255.255.256
        192.168.0.1
        192.168.0
        1234.123.123.123
        '
    for ip in $ips
    do
        if valid_ip $ip; then stat='good'; else stat='bad'; fi
        printf "%-20s: %s\n" "$ip" "$stat"
    done
fi


If you save this script as “valid_ip.sh” and then run it directly, it will run some tests and print the results:

# sh valid_ip.sh
4.2.2.2             : good
a.b.c.d             : bad
192.168.1.1         : good
0.0.0.0             : good
255.255.255.255     : good
255.255.255.256     : bad
192.168.0.1         : good
192.168.0           : bad
1234.123.123.123    : bad


In the function valid_ip, the if statement uses a regular expression to make sure the subject IP address consists of four dot separated numbers:

if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then


If that test passes then the code inside the if statement separates the subject IP address into four parts at the dots and places the parts in an array:

OIFS=$IFS
IFS='.'
ip=($ip)
IFS=$OIFS


It does this by momentarily changing bash’s Internal Field Separator variable so that rather than parsing words as whitespace separated items, bash parses them as dot separated. Putting the value of the subject IP address inside parentheses and assigning it to itself thereby turns it into an array where each dot separated number is assigned to an array slot. Now the individual pieces are tested to make sure they’re all less than or equal to 255 and the status of the test is saved so that it can be returned to the caller:

[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
stat=$?


Note that there’s no need to test that the numbers are greater than or equal to zero because the regular expression test has already eliminated anything that doesn’t consist of only dots and digits.
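One edge case the function above does not cover is leading zeros: `[[ ... -le ... ]]` evaluates its operands arithmetically, so 010 is read as octal 8 and accepted, while 08 produces an arithmetic error. Parsers that follow inet_aton also read 010 as octal, so what was validated and what is later used can differ. The stricter check below is an added example, not from the original post; valid_ip_strict is a hypothetical name, and it is written in portable sh so it also runs where sh is not bash.

```shell
#!/bin/sh
# Added example, not from the original post. valid_ip_strict is a
# hypothetical name. The body runs in a subshell ( ... ), so the IFS and
# "set -f" changes never leak into the caller.
valid_ip_strict() (
    ip=$1
    case $ip in
        # empty string, any character other than digit/dot, or an empty field
        '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    IFS=.
    set -f              # no pathname expansion while splitting
    set -- $ip          # split on dots into $1..$n
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0) continue ;;              # a lone zero is fine
            0* | ????*) exit 1 ;;       # leading zero, or more than 3 digits
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Constructed sample inputs: print how each one is classified.
check_samples() {
    for ip in 192.168.0.1 0.0.0.0 255.255.255.255 010.1.1.1 08.8.8.8 \
              255.255.255.256 192.168.0 1.2.3.4.5 1..2.3; do
        if valid_ip_strict "$ip"; then printf '%-16s good\n' "$ip"
        else printf '%-16s bad\n' "$ip"; fi
    done
}

check_samples
```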
