Script to firewall via blockhosts' hosts.deny with iptables [copied from comments, by "J. Jenkins"]
Has to be run every few minutes, using cron.
Tweak to suit your needs; I have a cron job that runs every few minutes. Stops ssh abusers quick, since hosts.deny doesn't seem to...
Joe
Copy below line, put into a script file and chmod +x. May need to tweak it based on your config; I am using Fedora Core 3.... When blockhosts removes the IP from the hosts.deny file, the firewall rules will change to match it, thanks to the FLUSH that happens right off the bat.
-=-=-=-=-
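#!/bin/bash
# Flush INPUT first, so addresses blockhosts has removed from hosts.deny are unblocked again
iptables -F INPUT
# Pull the IPv4 address out of every non-comment "deny" line.
# (tr -d deletes sets of characters, not the strings 'ALL:' and 'deny', so match the address directly.)
for X in $(grep -v '^#' /etc/hosts.deny | grep deny | grep -oE '[0-9]+(\.[0-9]+){3}')
do
    echo "Blocking: $X"
    iptables -A INPUT -s "$X" -j DROP
done
# Re-attach the stock Red Hat/Fedora rule chain after the DROP rules
iptables -A INPUT -j RH-Firewall-1-INPUT
# Show the resulting INPUT chain
iptables -L INPUT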
How is the iptables script activated?
This is exactly what I've been looking for in a script, but I'm not sure how you would activate this script via blockhosts.py. Can you comment on what the line within hosts.deny would look like, or hosts.allow if that's where you are running blockhosts from?
Thank you in advance for your reply.
Use cron to run the script
The script for running iptables has to run repeatedly; the original poster ran it every few minutes, using a cron job.
Note that the script will need editing if you use the default hosts.allow file instead of hosts.deny in blockhosts.py.
No modifications are needed to blockhosts.py.
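
A variant of the cron script above, as an added example that is not part of the original comments: it keeps the block rules in a dedicated chain instead of flushing INPUT, validates each address, and takes the file path as an argument so it can read hosts.allow as well as hosts.deny. It assumes entries of the form "ALL: <ip> : deny"; the chain name BLOCKHOSTS, the function names and the sample data are made up for this example.

```shell
#!/bin/bash
# Added example, not the original poster's script. Assumes deny entries look
# like "ALL: <ip> : deny"; the chain name BLOCKHOSTS is hypothetical.
CHAIN="BLOCKHOSTS"

# Constructed sample input for a dry run (documentation address ranges).
sample_hosts_deny() {
cat <<'EOF'
ALL: 127.0.0.1 : allow
ALL: 192.0.2.10 : deny
# ALL: 203.0.113.5 : deny   (commented out, must be ignored)
ALL: 999.1.1.1 : deny
ALL: badhost9.example : deny
ALL: 198.51.100.7 : deny
ALL: 192.0.2.10 : deny
EOF
}

# Print the unique, valid IPv4 addresses on non-comment "deny" lines of file $1.
extract_deny_ips() {
    awk -F: '
        /^[ \t]*#/ || !/deny/ { next }
        {
            ip = $2; gsub(/[ \t]/, "", ip)
            if (split(ip, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            print ip
        }' "$1" | sort -u
}

# Print the iptables arguments that rebuild the chain from file $1.
plan_rules() {
    printf '%s\n' "-F $CHAIN"
    extract_deny_ips "$1" | while read -r ip; do
        printf '%s\n' "-A $CHAIN -s $ip -j DROP"
    done
}

# Create the chain once, hook it in ahead of the other INPUT rules, then
# replay the plan. INPUT itself is never flushed.
apply_rules() {
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT 1 -j "$CHAIN"
    plan_rules "$1" | while read -r args; do iptables $args; done
}

# Usage from cron (as root): script --apply /etc/hosts.deny
if [ "${1:-}" = "--apply" ]; then apply_rules "$2"; fi
```

Calling plan_rules on the file shows what would be applied without touching the firewall; the --apply path needs root and an iptables version that supports -C.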