getting a list of blocked IPs

Discussion in 'General Discussion' started by matt621, Jun 14, 2004.

  1. matt621

    I've been using IP tables to block IPs using the following:

    iptables -I INPUT 1 -s 123.456.789.123 -j DROP
    /etc/rc.d/init.d/iptables save
    /etc/rc.d/init.d/iptables restart
    /etc/rc.d/init.d/httpd start

    adding them one at a time as I find a problem.

    This is on the old server. I want to get a list of all those I've added so I can add them to the new server. How would I do that?

    Thank you.
     
  2. chirpy

    The file should be saved to:
    /etc/sysconfig/iptables

    Or, you can list your IP tables rules and probably find them there:

    iptables -L -n
     
  3. matt621

    When I do:

    iptables -L -n

    I get:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    [root@ns1 root]#


    If I view the file /etc/sysconfig/iptables
    it only shows like 5 IPs. I know I added dozens of them.
     
    #3 matt621, Jun 14, 2004
    Last edited: Jun 14, 2004
  4. chirpy

    Looks like you might have lost them between reboots :(

    If you're lucky you might have them in your bash history:

    grep iptables /root/.bash_history
     
  5. matt621

    Good call on the bash history.

    Now I noticed this:

    iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
    iptables -I INPUT 1 -s yyy.yyy.yyy.yyy -j DROP

    What's the diff. between -A and -I?

    Also, can I just cut and paste these into the iptable file in sysconfig and reboot and that's all I need to do? That sure would be easier.

    Thanks again for the help.
     
  6. bking

    -A adds the rule to the end of the table.
    -I inserts it at the top, or if given a number, it will insert the rule at that line number.
    You should be able to paste them in, but remember that order matters!! So make sure they are in the right spot (see the above for -A -I differences). No use having the rules after an ACCEPT rule that makes a match before it gets to the DROP.
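
The recovery path discussed in this thread (pull the old DROP commands out of the shell history, then carry them to the new server), as an added example that is not part of any post above. The function names and the sample history are assumptions made for illustration; the sample addresses are constructed, apart from the thread's own `123.456.789.123` placeholder, which is included to show it being rejected as invalid.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses below are constructed
# documentation-range samples.

# extract_blocked: read shell history on stdin, print each single-host source
# address that was dropped on INPUT, once, in first-seen order.
extract_blocked() {
    awk '
    function valid(ip,    n, o, i) {
        sub(/\/32$/, "", ip)              # a.b.c.d/32 is the same single host
        n = split(ip, o, ".")
        if (n != 4) return ""
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return ""                 # also skips ranges such as x/24
        return ip
    }
    $1 == "iptables" {
        chain = ""; src = ""; drop = 0
        for (i = 2; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if (($i == "-j" || $i == "--jump") && $(i + 1) == "DROP") drop = 1
        }
        ip = valid(src)
        if (chain == "INPUT" && drop && ip != "" && !(ip in seen)) {
            seen[ip] = 1
            print ip
        }
    }'
}

# render_rules: turn that list into rule lines in the saved-rules format.
# They belong above any ACCEPT rule that would match the same traffic.
render_rules() {
    while read -r ip; do
        printf '%s\n' "-A INPUT -s $ip -j DROP"
    done
}

SAMPLE_HISTORY='iptables -I INPUT 1 -s 192.0.2.10 -j DROP
/etc/rc.d/init.d/iptables save
iptables -A INPUT -s 198.51.100.7 -j DROP
iptables -I INPUT 1 -s 192.0.2.10 -j DROP
iptables -I INPUT 1 -s 123.456.789.123 -j DROP
iptables -A INPUT -s 203.0.113.5 -j ACCEPT
iptables -L -n'

printf '%s\n' "$SAMPLE_HISTORY" | extract_blocked | render_rules
```

On the old server the real input would be `extract_blocked < /root/.bash_history | render_rules`; review the output by hand before it goes into the new server's saved rules, since ranges and anything not matching the simple `-s ADDR -j DROP` form are skipped.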
     