Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Read txt file, add to iptables not working on new host
30 views
Skip to first unread message
JackM
May 23, 2013, 10:44:38 PM5/23/13
to
First, let me say that I have no knowledge of or experience with Python
or Linux/Unix. I have a script which was written by a host tech person
that ran via cron on my old server. It was designed to read IP addresses
from a text file and add them to be blocked on iptables. That way, we
could add or remove IPs without involving tech support daily. It worked
great.
Then we changed hosts and this script is now throwing errors on the new
server. This host runs Python 2.6.6. This is the script:
#!/usr/bin/python
import os,time
##Input, Output, and TimeStamp
inFile = open('/var/www/html/mydomain.com/banlist.txt','r')
logFile = open('/var/log/banList.log','w')
stamp = time.asctime(time.localtime())
##Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp), logFile.write('\n'), logFile.write('Flushing
Rules..\n')
##Loop to read in file and Apply rules to IPtables
for line in inFile.readlines():
tmp = line.split(';')
IP = tmp[0]
outPut = os.popen( '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' + '-j
REJECT' )
logFile.write(IP), logFile.write(' - Has been blocked '),
logFile.write(stamp),logFile.write
The errors we're getting are like these:
Bad argument `174.37.65.204'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `94.159.162.182'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `95.134.132.98'
Try `iptables -h' or 'iptables --help' for more information.
etc.
Entries from the banlist.txt are like these:
200.193.54.138; February 9, 2013, 7:42 am <br>
87.120.57.4; February 9, 2013, 7:42 am <br>
82.206.129.160; February 9, 2013, 7:43 am <br>
etc.
I know the error points to a bad iptables command.
Can someone tell me what change(s) I need to make to this script to get
it working again? Thanks.
--
My email address on the header is a non-monitored spam catching account.
I can be reached via http://www.wvnh.net/contact.htm
or Linux/Unix. I have a script which was written by a host tech person
that ran via cron on my old server. It was designed to read IP addresses
from a text file and add them to be blocked on iptables. That way, we
could add or remove IPs without involving tech support daily. It worked
great.
Then we changed hosts and this script is now throwing errors on the new
server. This host runs Python 2.6.6. This is the script:
#!/usr/bin/python
import os,time
##Input, Output, and TimeStamp
inFile = open('/var/www/html/mydomain.com/banlist.txt','r')
logFile = open('/var/log/banList.log','w')
stamp = time.asctime(time.localtime())
##Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp), logFile.write('\n'), logFile.write('Flushing
Rules..\n')
##Loop to read in file and Apply rules to IPtables
for line in inFile.readlines():
tmp = line.split(';')
IP = tmp[0]
outPut = os.popen( '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' + '-j
REJECT' )
logFile.write(IP), logFile.write(' - Has been blocked '),
logFile.write(stamp),logFile.write
The errors we're getting are like these:
Bad argument `174.37.65.204'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `94.159.162.182'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `95.134.132.98'
Try `iptables -h' or 'iptables --help' for more information.
etc.
Entries from the banlist.txt are like these:
200.193.54.138; February 9, 2013, 7:42 am <br>
87.120.57.4; February 9, 2013, 7:42 am <br>
82.206.129.160; February 9, 2013, 7:43 am <br>
etc.
I know the error points to a bad iptables command.
Can someone tell me what change(s) I need to make to this script to get
it working again? Thanks.
--
My email address on the header is a non-monitored spam catching account.
I can be reached via http://www.wvnh.net/contact.htm
Carlos Nepomuceno
May 23, 2013, 11:10:48 PM5/23/13
to pytho...@python.org
Send the output of the following commands:
uname -a
/sbin/iptables -V
----------------------------------------
> From: not...@earthlink.net
> Subject: Read txt file, add to iptables not working on new host
> Date: Thu, 23 May 2013 22:44:38 -0400
> To: pytho...@python.org
JackM
May 24, 2013, 9:08:26 AM5/24/13
to
Thanks for answering. Do you mean something like this?
outPut = os.popen('uname -a' '/sbin/iptables -V INPUT -s' + ' ' + IP + '
' + '-j REJECT' )
Sorry but like I said, I have no experience with any of this.
outPut = os.popen('uname -a' '/sbin/iptables -V INPUT -s' + ' ' + IP + '
' + '-j REJECT' )
Sorry but like I said, I have no experience with any of this.
Carlos Nepomuceno
May 24, 2013, 9:15:45 AM5/24/13
to pytho...@python.org
No, there's no need to change your python script, although it can be improved because as it is it may flush (delete all) iptables rules and let you vulnerable and don't create the new rules.
All you need to do is enter the commands in the shell and send it's output. The 'iptables' have changed.
----------------------------------------
> From: not...@earthlink.net
> Subject: Re: Read txt file, add to iptables not working on new host
> Date: Fri, 24 May 2013 09:08:26 -0400
> To: pytho...@python.org
Chris Angelico
May 24, 2013, 9:54:05 AM5/24/13
to pytho...@python.org
On Fri, May 24, 2013 at 12:44 PM, JackM <not...@earthlink.net> wrote:
> outPut = os.popen( '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' +
> '-j REJECT' )
There's so much about this script that's less than Pythonic, but the
> outPut = os.popen( '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' +
> '-j REJECT' )
one thing I'd really like to see is a log of the exact command being
executed. Replace the above line with this:
command = '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' + '-j REJECT'
outPut = os.popen(command)
logFile.write(command+"\n")
That will show, in your log, exactly what's being executed. You should
then be able to execute that command in the shell and see the exact
same result. That might also show you the problem - it might be
obvious from the commands logged.
If that doesn't work, here's a rewrite of your code for cleanliness,
which still does what I think your original code does. See if they act
differently...
-- cut --
#!/usr/bin/python
import os
import time
# Input, Output, and TimeStamp
inFile = open('/var/www/html/mydomain.com/banlist.txt','r')
logFile = open('/var/log/banList.log','w')
stamp = time.asctime(time.localtime())
# Daily Flush of blockList rules before re-applying Blocks
logFile = open('/var/log/banList.log','w')
stamp = time.asctime(time.localtime())
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp+'\nFlushing Rules..\n')
# Loop to read in file and Apply rules to IPtables
for line in inFile: # TODO: Use 'with' for a bit of protection
ip = line.split(';')[0]
output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j REJECT' )
logFile.write(IP+' - Has been blocked\n')
-- cut --
Since the timestamp doesn't change across a run anyway, there's not
much point printing it out every time, and I'm also putting newlines
in the logfile. Beyond that, it should function the same way as the
original.
ChrisA
JackM
May 24, 2013, 12:32:40 PM5/24/13
to
So Chris, does this version look better? Changed to inFile to with.
#!/usr/bin/python
import os
import time
# Input, Output, and TimeStamp
logFile = open('/var/www/html/statistics/logs/banList.log','w')
#!/usr/bin/python
import os
import time
# Input, Output, and TimeStamp
stamp = time.asctime(time.localtime())
# Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp+'\nFlushing Rules..\n')
# Loop to read in file and Apply rules to IPtables
with open('/var/www/html/mydomain.com/banlist.txt','r') as inFile:
# Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp+'\nFlushing Rules..\n')
# Loop to read in file and Apply rules to IPtables
for line in inFile: # TODO: Use 'with' for a bit of protection
ip = line.split(';')[0]
output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j
REJECT' )
logFile.write(ip+' - Has been blocked\n')
ip = line.split(';')[0]
output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j
REJECT' )
Chris Angelico
May 24, 2013, 12:56:47 PM5/24/13
to pytho...@python.org
On Sat, May 25, 2013 at 2:32 AM, JackM <not...@earthlink.net> wrote:
> So Chris, does this version look better? Changed to inFile to with.
>
Heh, I didn't know you knew about with :) Since you know how to use
> So Chris, does this version look better? Changed to inFile to with.
>
it, you probably also know why it's useful. Anyway, the main thing is
to see the exact command that's being executed, which you then should
be able to try at a shell prompt.
ChrisA
Dave Angel
May 24, 2013, 3:29:27 PM5/24/13
to pytho...@python.org
On 05/24/2013 12:32 PM, JackM wrote:
> So Chris, does this version look better? Changed to inFile to with.
>
>
> #!/usr/bin/python
> import os
> import time
>
> # Input, Output, and TimeStamp
> logFile = open('/var/www/html/statistics/logs/banList.log','w')
> stamp = time.asctime(time.localtime())
>
> # Daily Flush of blockList rules before re-applying Blocks
> os.popen('/sbin/iptables -F INPUT')
> logFile.write(stamp+'\nFlushing Rules..\n')
>
> # Loop to read in file and Apply rules to IPtables
> with open('/var/www/html/mydomain.com/banlist.txt','r') as inFile:
> for line in inFile: # TODO: Use 'with' for a bit of protection
> ip = line.split(';')[0]
You want to write the command to the logfile here, BEFORE you try the
> So Chris, does this version look better? Changed to inFile to with.
>
>
> #!/usr/bin/python
> import os
> import time
>
> # Input, Output, and TimeStamp
> logFile = open('/var/www/html/statistics/logs/banList.log','w')
> stamp = time.asctime(time.localtime())
>
> # Daily Flush of blockList rules before re-applying Blocks
> os.popen('/sbin/iptables -F INPUT')
> logFile.write(stamp+'\nFlushing Rules..\n')
>
> # Loop to read in file and Apply rules to IPtables
> with open('/var/www/html/mydomain.com/banlist.txt','r') as inFile:
> for line in inFile: # TODO: Use 'with' for a bit of protection
> ip = line.split(';')[0]
popen(). That way if there's a problem, you can see what it was about
to try before it crashed.
> output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j
> REJECT' )
> logFile.write(ip+' - Has been blocked\n')
>
>
>
>
DaveA
0 new messages