Wednesday, December 4, 2019

Blacklist IPs Without Caring

Clients often give out a blacklist of IPs to not touch in an environment. Manually handling that in all the for loops and parsing can be a complete nightmare. It's way easier to make your box simply never speak to those blacklisted IPs at all, regardless of what commands you run. You can do this by implementing the blacklist within iptables.

Place the blacklist IPs or CIDRs in a file called "ip-blacklist.txt". Then go ahead and run the following line to import them into iptables.

cat ip-blacklist.txt | xargs -I {} iptables -A OUTPUT -d {} -j DROP

You could easily modify that so you blacklist TCP/UDP ports, or whatever else iptables supports.

No comments:

Post a Comment