#1
6th April 2013, 00:01
r4faga
Error when drop ips with script on iptables.

Hello...

I made a simple script to drop multiple IPs in iptables so they are banned. But I can't drop them now.

It shows this error: iptables: Memory allocation problem.

I have 8 GB of RAM, so it's impossible that it's a problem of lack of memory.

I have CentOS + ISPConfig (I used The Perfect Server - CentOS 6.3 x86_64 (Apache2, Courier, ISPConfig 3)).

This is my script:

for i in $(cat /etc/sysconfig/ip.ls)
do
    iptables -I INPUT -s $i -j DROP
    iptables -I INPUT -s $i -j LOG --log-prefix "Packet Input DROP:"
done

ip.ls is a list of IP ranges, like this:

2.60.0.0/14
2.92.0.0/14
5.1.48.0/21
5.2.32.0/19
5.3.0.0/16
5.8.0.0/17
5.8.160.0/20
5.8.176.0/21
5.8.192.0/19
5.8.224.0/20
5.11.64.0/20
5.16.0.0/14
5.23.48.0/21
5.23.96.0/21

But when I run the script, it records some IPs and seconds later gives the error:

iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.

and I have to cancel the script.

Any idea?

Thanks...
#2
16th April 2013, 08:06
victorbell

I will have to study this for some time as I have no idea about this. But I will soon find out a solution and let you know.
#3
16th April 2013, 09:26
florian030

Quote:

> This is my script:
>
> for i in $(cat /etc/sysconfig/ip.ls)
> do
>     iptables -I INPUT -s $i -j DROP
>     iptables -I INPUT -s $i -j LOG --log-prefix "Packet Input DROP:"
> done
>
> ip.ls is a list of IP ranges, like this:
>
> 2.60.0.0/14

If you would add a subnet to iptables, you have to masquerade it.

iptables -I INPUT -s "$i" -j DROP
__________________
regards
Florian

blog.schaal-24.de
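
An added example, not written by any poster in this thread: one way to load the same list as a single iptables-restore ruleset in a dedicated chain, validating every line before it becomes a rule, instead of running iptables twice per range. The chain name BANLIST and both function names are assumptions made for illustration, and because the thread does not establish what causes the error, this is not presented as its fix.

```shell
#!/bin/sh
# Added example. BANLIST, valid_cidr and build_banlist_rules are hypothetical
# names chosen for illustration; they do not come from the thread.

# Return 0 if $1 is a well-formed IPv4 address or CIDR range (a.b.c.d[/n]).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    addr=${1%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read ranges from file $1 and print a ruleset in iptables-restore format.
# Comments, blank lines and duplicates are dropped; invalid entries are
# reported on stderr and never reach the ruleset.
build_banlist_rules() {
    echo '*filter'
    echo ':BANLIST - [0:0]'
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | awk 'NF && !seen[$0]++' |
    while IFS= read -r range; do
        if valid_cidr "$range"; then
            # LOG first, then DROP, matching the order the original script produces.
            echo "-A BANLIST -s $range -j LOG --log-prefix \"Packet Input DROP: \""
            echo "-A BANLIST -s $range -j DROP"
        else
            echo "skipping invalid entry: $range" >&2
        fi
    done
    echo 'COMMIT'
}

# Typical use (as root):
#   build_banlist_rules /etc/sysconfig/ip.ls | iptables-restore --noflush
#   iptables -I INPUT -j BANLIST     # one-time hook into INPUT
```

Reviewing the generated ruleset as a file before piping it to iptables-restore shows exactly which entries were accepted and which were rejected.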