Error when drop ips with script on iptables.

[r4faga]

Hello...

I make a simple script to drop multiples ips on iptables to be banned. But cant drop it now.

Mark this error: iptables: Memory allocation problem.

I have 8 gigas ram, so is imposible it's a problem of lack of memory.

I have centos+ispconfig (i used The Perfect Server - CentOS 6.3 x86_64 (Apache2, Courier, ISPConfig 3)

This is my script: for i in $(cat /etc/sysconfig/ip.ls)
do
iptables -I INPUT -s $i -j DROP
iptables -I INPUT -s $i -j LOG --log-prefix "Packet Input DROP:"
done

ip.ls is list of range of ips. like this:

2.60.0.0/14
2.92.0.0/14
5.1.48.0/21
5.2.32.0/19
5.3.0.0/16
5.8.0.0/17
5.8.160.0/20
5.8.176.0/21
5.8.192.0/19
5.8.224.0/20
5.11.64.0/20
5.16.0.0/14
5.23.48.0/21
5.23.96.0/21

but when I run the script, records some ips and seconds later the error:

iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.
iptables: Memory allocation problem.

and i have to cancel the script.

Any idea?

Tanks...

[victorbell]

I will have to study this for some time as I have no idea about this. But I will soon find out a solution and let you know.

[florian030]

Quote:

This is my script: for i in $(cat /etc/sysconfig/ip.ls)
do
iptables -I INPUT -s $i -j DROP
iptables -I INPUT -s $i -j LOG --log-prefix "Packet Input DROP:"
done

ip.ls is list of range of ips. like this:

2.60.0.0/14

If you would add a subnet to iptables, you have to masquerade it.
iptables -I INPUT -s "$i" -j DROP