
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358

hosting php

Hi, I want to block 2500 IP addresses from a database. But I do not want to enter each CIDR in iptables; it will take me a long time. How can I make some script which will connect to SSH and add the CIDRs to iptables? I use Ubuntu Linux. Or maybe there is some bash script to take the information from the database and block it.
1 Solution
If I understand well, you have a database in which there is a table that contains all the IP addresses you would like to block on your Ubuntu server using the iptables command?

If that's the case, one way you could quickly generate the list of commands you need to execute would be the following:

Considering that the syntax of the iptables command on Ubuntu to block an IP address is (please verify on your system):
iptables -A INPUT -s <IP-ADDRESS> -j DROP

Then you could execute this SQL query on your database and copy & paste the result into a file on your Ubuntu server to run it as a script:

SELECT 'iptables -A INPUT -s ' || MyTableFieldWithTheIpAddress || ' -j DROP' "Commands"


If you want a shell script and Linux, then why PHP?
Or do you want to stop them from viewing your PHP website?
If that is so, just

check the client address using PHP and check whether it's present in your DB; if yes, display them the reason. That's it.
Or else, if you want to do it via Linux, then
@dtatcruncher's method will do.
umaximAuthor Commented:
I just do not know the shell language; this is why I try to use PHP to create it.

As I had commented earlier, if you're trying in PHP,
then get the client IP and check in the database for this array.

This link will help you to get the client IP.
And then extract the blocked IPs from the database and use in_array() to check whether it is present; if yes, then stop the display.
umaximAuthor Commented:
No, I want to use iptables because I will block it on 10 websites on all the servers; my client needs it. So I need to put 3000 IPs in a database; I just do not want to copy and paste each of them. I just want to combine them in one or something.
I guess this list of IPs will need to be refreshed on a periodic basis? If that's the case, as you mentioned 10 websites/servers on which you want to apply these iptables IP blocks, you'll need a sync mechanism.

I'm no Linux guru so here is how the jack of all trades I am would do it:

1- On one of the servers, run a script (language still to be determined) to extract the list of IPs to block from the database and generate a script file with the iptables commands that block the IPs. A script file in Linux is like a batch file in Windows/DOS: it's a series of commands that would run at the console prompt;

2- Then, using a Linux CRON job (scheduler), you could FTP upload this script to the 9 or more other servers;

3- Another CRON job would be defined on all servers to run the script to update the iptables blocked IPs.

If that scenario could apply to you, I can elaborate a little more.

By the way, what is the database these IPs are in? (MySQL, Oracle, ...)
umaximAuthor Commented:
OK, I have a MySQL database which has a list of CIDRs.

I need to run a list of commands on one server with the command iptables -A INPUT -s {CIDR} -j DROP,
so I need to generate some batch file which will be run as a command list in the Linux shell. I can do it by myself; I just do not want to put each IP in by hand.
For the purpose of the example here, we'll take the following values (replace them with yours):
MySQL database name: mydatabase
in that MySQL database, the table name containing the IP to block: mytable
in that table, the name of the column with the IP to block: cidr
The Linux script we want to create (that will contain all the iptables commands): /usr/block_ip

Assuming you have a file /usr/extract_blocked_ip.sql that contains:
USE mydatabase;
SELECT CONCAT('iptables -A INPUT -s ', cidr, ' -j DROP') "# IP TO BLOCK"
FROM mytable;


you would execute something like this at the Linux command prompt:
# mysql -b -u root -p </usr/extract_blocked_ip.sql >/usr/block_ip


When executing this command you'll be prompted for the password for root (you can use another MySQL user account that has access to your database).

The script file /usr/block_ip should now be created; for it to be executable you have to run this at the Linux command prompt:

# chmod u+x /usr/block_ip


Then, to execute it:

# /usr/block_ip


That should do it. If you want an automated mechanism to sync that script file to the other servers and execute it, let me know and I can explain how to do the CRON jobs.
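The generation step used in both answers above (a list of CIDRs becomes one `iptables ... -j DROP` line each), written out as an added example that is not code from the thread or from any of the posters. It is a POSIX shell script that does what the SQL CONCAT does, plus the checks a script that will later run as root should have: every entry is validated as an IPv4 address or CIDR before it is emitted, the rules go into a dedicated chain that is flushed first so re-running the generated script replaces the list instead of appending duplicates, and a count of emitted rules is returned so it can be compared with the row count in the table. The embedded address list is constructed and stands in for the `mysql` output; the chain name `BLOCKLIST`, the variable and function names, and the `/usr/block_ip` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Turns a list of CIDRs into an
# iptables script with validation and an idempotent dedicated chain.

# Constructed sample input standing in for the MySQL result. A real run
# would replace it with something like:
#   mysql -N -u root -p mydatabase -e 'SELECT cidr FROM mytable'
# The header line and two malformed entries are deliberate.
SAMPLE_CIDRS='cidr
203.0.113.0/24
198.51.100.17
192.0.2.5/33
not-an-ip
10.0.0.0/8'

# valid_cidr ADDR: succeed only for a.b.c.d or a.b.c.d/n with every octet
# in 0-255 and prefix length in 0-32. Anything else must never reach iptables.
valid_cidr() {
  case "$1" in
    */*) vc_ip=${1%%/*}; vc_mask=${1#*/} ;;
    *)   vc_ip=$1;       vc_mask=32 ;;
  esac
  # prefix length: digits only, at most 32
  case "$vc_mask" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$vc_mask" -le 32 ] || return 1
  # address: digits and dots only (also keeps glob characters out of set --)
  case "$vc_ip" in
    ''|*[!0-9.]*) return 1 ;;
  esac
  vc_old_ifs=$IFS
  IFS=.
  set -- $vc_ip
  IFS=$vc_old_ifs
  [ $# -eq 4 ] || return 1
  for vc_octet in "$@"; do
    case "$vc_octet" in
      '') return 1 ;;          # empty octet, e.g. "1..2.3"
    esac
    [ "$vc_octet" -le 255 ] || return 1
  done
  return 0
}

# gen_rules: read one address per line on stdin, write a shell script on
# stdout. Rules live in their own chain (BLOCKLIST), which is created on
# first use and flushed on every run, and INPUT jumps to it exactly once.
# Rejected lines go to stderr so they are never silently dropped.
gen_rules() {
  printf '#!/bin/sh\n'
  printf '# generated block list, do not edit by hand\n'
  printf 'iptables -N BLOCKLIST 2>/dev/null || iptables -F BLOCKLIST\n'
  printf 'iptables -C INPUT -j BLOCKLIST 2>/dev/null || iptables -I INPUT -j BLOCKLIST\n'
  while IFS= read -r gr_line; do
    case "$gr_line" in
      ''|cidr|'#'*) continue ;;   # blank line, column header, comment
    esac
    if valid_cidr "$gr_line"; then
      printf 'iptables -A BLOCKLIST -s %s -j DROP\n' "$gr_line"
    else
      printf 'rejected: %s\n' "$gr_line" >&2
    fi
  done
}

# count_drop_rules: number of DROP rules the sample produces; compare this
# with SELECT COUNT(*) on the table before deploying the generated script.
count_drop_rules() {
  printf '%s\n' "$SAMPLE_CIDRS" | gen_rules 2>/dev/null | grep -c ' -j DROP$'
}

# Usage with the thread's path (assumed), then run the result as root:
#   printf '%s\n' "$SAMPLE_CIDRS" | gen_rules > /usr/block_ip && sh /usr/block_ip
# When run directly, print the generated script and the rejects:
printf '%s\n' "$SAMPLE_CIDRS" | gen_rules
```

On the sample list this emits three DROP rules and reports `192.0.2.5/33` and `not-an-ip` on stderr. The `-N` option of the `mysql` client suppresses the column header, which removes the need to skip it in the loop. With a few thousand entries a flat chain is traversed rule by rule for every packet; an ipset of type `hash:net` referenced by a single `-m set --match-set` rule is the usual way to keep that cheap, and the generator above changes only in the line it prints per entry.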
