Linux – How to make iptables rules expire

centos, iptables, linux

Someone told me this is possible, but I can't find anything on google or man pages.

I need to ban IPs for a certain amount of time, and then have them unbanned automatically.

Best Answer

If you mean for iptables to completely remove the rule by itself you won't be able to do it, as far as I know. What's the purpose of this? If you need some kind of automatic temporary banning the standard solution is fail2ban.

Alternatively you can use a cron job to remove the rule you're adding, or, better if you want to do it interactively, an at job:

# insert the ban now
iptables -I INPUT -s 192.168.1.100 -j DROP
# queue the matching delete for later; at(1) takes absolute times such as "10pm"
# or relative ones such as "now + 1 hour" (it needs the atd daemon running)
echo "iptables -D INPUT -s 192.168.1.100 -j DROP" | at 10pm

Also take a look at the recent module of iptables. This with its --seconds option may be of help, depending on your actual needs. man iptables for more information.
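As an added example (not part of the answer above), the following POSIX shell script wraps both suggestions: a ban_for function that inserts the DROP rule and queues the matching delete with at(1), and an ssh_ratelimit_rules function that emits the equivalent "recent"-module rules, where the ban expires by itself because the module stops matching once the source has been quiet for --seconds. The script defaults to DRY_RUN=1 and only prints the commands; applying them needs root, iptables and a running atd. The address 203.0.113.7 is a constructed sample from the documentation range, and the DRY_RUN variable and function names are this example's own, not an iptables feature. The IP validation is there because the delete command is handed to at(1) as a shell line, so only a dotted quad may ever reach it.

```shell
#!/bin/sh
# Temporary iptables ban with a scheduled unban (added example, not from the answer).
# DRY_RUN=1 (the default here) prints the commands instead of running them;
# DRY_RUN=0 applies them and requires root, iptables and the atd daemon.
DRY_RUN="${DRY_RUN:-1}"

# run_or_print: execute a command, or echo it verbatim when DRY_RUN=1.
run_or_print() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# validate_ipv4: accept only a dotted quad with octets 0-255. Anything else is
# refused so that no stray characters end up in the line passed to at(1).
validate_ipv4() {
    ip="$1"
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit, leading/trailing/double dot
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')  # split into octets (word splitting intended)
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# ban_for MINUTES IP: insert a DROP rule now and queue the matching delete.
# The delete repeats the exact same match, so iptables -D removes this rule and no other.
ban_for() {
    minutes="$1"; ip="$2"
    validate_ipv4 "$ip" || { echo "ban_for: invalid IPv4 address: $ip" >&2; return 2; }
    case "$minutes" in
        ''|*[!0-9]*) echo "ban_for: minutes must be a positive integer" >&2; return 2 ;;
    esac
    run_or_print iptables -I INPUT -s "$ip" -j DROP
    # at(1) accepts relative times such as "now + 30 minutes"
    if [ "$DRY_RUN" = "1" ]; then
        printf 'echo "iptables -D INPUT -s %s -j DROP" | at now + %s minutes\n' "$ip" "$minutes"
    else
        echo "iptables -D INPUT -s $ip -j DROP" | at now + "$minutes" minutes
    fi
}

# ssh_ratelimit_rules [SECONDS] [HITCOUNT]: the "recent" module alternative.
# The first rule records every new SSH connection per source; the second drops a
# source that reaches HITCOUNT new connections within SECONDS. Because --update
# refreshes the timestamp on every hit, the drop lasts until the source stays
# quiet for SECONDS, and no cleanup job is needed.
ssh_ratelimit_rules() {
    seconds="${1:-60}"; hitcount="${2:-4}"
    run_or_print iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --set --name SSH --rsource
    run_or_print iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --update --seconds "$seconds" --hitcount "$hitcount" --name SSH --rsource -j DROP
}

# Demo with the constructed sample address; with DRY_RUN=1 this only prints.
ban_for 30 203.0.113.7
ssh_ratelimit_rules 60 4
```

Run it as-is to see the commands, or with DRY_RUN=0 as root to apply them. The recent-module rules are appended with -A, so put them before any general ACCEPT for port 22, and note that a legitimate user who mistypes a password a few times hits the same limit, which is the usual reason to keep HITCOUNT modest and SECONDS short.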