SH script for iptables add rule for x minutes

Is there any sh script to add an iptables rule for x minutes?

You can easily write one, for example if you want to open port 80 for 5 minutes:

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sleep 300
service iptables restart


The above will add a rule to open port 80, then wait 5 minutes and restart iptables to remove the rule.
FireBallITAuthor Commented:
That is OK, but what if you add one rule in 5 minutes, and what if you add another rule after 1 minute?
I am not really understanding your follow up question.

FireBallITAuthor Commented:
Our system is blocking IP addresses when it has an anomaly. If we block an IP at 12:01 and then block another IP at 12:04, both IPs will be released at 12:05.
What is it exactly you are trying to do?

If you want to block a certain IP address for 5 minutes and you want to do it from the command line here is some code:

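#!/bin/bash
# Block all traffic from one IP address for 5 minutes, then remove the rule.
if [[ -z $1 ]]; then
        echo "Please input an IP address to block"
        echo "example:"
        echo "nohup &>/dev/null &"
        exit 1
fi
ip="$1"
echo "Adding rule to block all traffic from $ip"
iptables -I INPUT -p all -s "$ip" -j DROP
sleep 300
# Delete only the rule added above; rules for other IPs are left in place
iptables -D INPUT -p all -s "$ip" -j DROP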


You can run the script and pass it an IP address, it will block the IP for 5 minutes then delete the rule, like so:


BUT, if you close the shell the script will stop and you will have the iptables rule stuck there. I recommend running the script with nohup and some other fanciness, like so:

nohup /path/to/ &>/dev/null &

Now the script will run in the background and you can block an IP every minute if you want.  The IP address will still be blocked for 5 minutes each.
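
An added example, not part of the original answer: the same insert/sleep/delete approach with the address validated before it reaches iptables, no duplicate rule stacked for an IP that is already blocked, and the rule deleted even if the process is hung up or terminated during the sleep. The function names and the IPT override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: temporary per-IP block with input validation and cleanup.
IPT=${IPT:-iptables}    # assumption: overridable so the logic can be dry-run

# Accept only a plain dotted-quad IPv4 address: no CIDR, hostnames or options.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split into octets (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# block_for IP [SECONDS]: drop traffic from IP, remove the rule after SECONDS.
block_for() {
    ip=$1; secs=${2:-300}
    valid_ipv4 "$ip" || { echo "refusing invalid IPv4 address: $ip" >&2; return 2; }
    case "$secs" in ''|*[!0-9]*) echo "bad duration: $secs" >&2; return 2 ;; esac
    # -C exits 0 if the identical rule exists: an earlier run already owns
    # this block and will remove it, so do not stack a duplicate.
    $IPT -w -C INPUT -s "$ip" -j DROP 2>/dev/null && return 0
    # -w waits for the xtables lock, since several blockers may run at once.
    $IPT -w -I INPUT -s "$ip" -j DROP || return 1
    (
        # Delete only this IP's rule whenever the subshell exits, including
        # after a hangup, interrupt or terminate signal.
        trap '$IPT -w -D INPUT -s "$ip" -j DROP' EXIT
        trap 'exit 1' HUP INT TERM
        sleep "$secs"
    )
}

if [ "$#" -gt 0 ]; then
    block_for "$1" "${2:-300}"
fi
```

Because the delete names the exact rule, an IP blocked at 12:01 and another blocked at 12:04 are each released five minutes after their own block.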

FireBallITAuthor Commented:
Yes, that is good and what I need.