How do I list IP addresses blocked by iptables?

Solution 1:

One option would be to log any of your dropped packets with a rule like:

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl -j LOG --log-prefix "FW_DROPPED: "

Insert that immediately before the DROP rule. Then, you can grep the syslog file for anything with "FW_DROPPED" in it and the list of IPs will be there. The entries in the log file look something like this:

Jun  3 08:05:57 some-machine kernel: [15852451.420557] FW_DROPPED: IN=eth0 OUT= MAC=00:50:ba:4a:d9:e3:00:12:17:3a:e3:64:08:00 SRC=228.23.45.189 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=10941 PROTO=TCP SPT=58212 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

So, snipping out what follows "SRC=" will show you the dropped IPs. Sort that, eliminating duplicates, and you'll have your list.

I've found the Iptables Tutorial to be the most useful documentation for iptables/netfilter.
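The extraction step described in this answer (grep the prefix, cut out what follows "SRC=", sort and deduplicate), written out as a small shell function. This is an added example, not code from the answer above; it assumes the LOG rule was installed with `--log-prefix "FW_DROPPED: "` exactly as shown, and the syslog excerpt it runs on is constructed (documentation-range addresses, not real traffic). Unlike a plain `sort -u`, it also counts how many times each source was dropped.

```shell
#!/bin/sh
# Added example: rank the source addresses found in LOG-rule lines by how
# often each one was dropped. Assumes --log-prefix "FW_DROPPED: " was used.

# dropped_sources LOGFILE [PREFIX]
# Prints "<hits> <ip>" per source address, most frequent first.
dropped_sources() {
    awk -v prefix="${2:-FW_DROPPED:}" '
        index($0, prefix) == 0 { next }      # keep only lines written by the LOG rule
        {
            for (i = 1; i <= NF; i++)        # locate the SRC= field wherever it sits
                if (substr($i, 1, 4) == "SRC=") { hits[substr($i, 5)]++; break }
        }
        END { for (ip in hits) printf "%d %s\n", hits[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample syslog excerpt (not real traffic): three drops from one
# source, one drop from another, plus an unrelated sshd line to be skipped.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jun  3 08:05:57 some-machine kernel: [15852451.420557] FW_DROPPED: IN=eth0 OUT= MAC=00:50:ba:4a:d9:e3:00:12:17:3a:e3:64:08:00 SRC=198.51.100.23 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=10941 PROTO=TCP SPT=58212 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 08:06:01 some-machine kernel: [15852455.110021] FW_DROPPED: IN=eth0 OUT= MAC=00:50:ba:4a:d9:e3:00:12:17:3a:e3:64:08:00 SRC=203.0.113.77 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=2211 PROTO=TCP SPT=40122 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 08:06:03 some-machine kernel: [15852457.300456] FW_DROPPED: IN=eth0 OUT= MAC=00:50:ba:4a:d9:e3:00:12:17:3a:e3:64:08:00 SRC=198.51.100.23 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=10942 PROTO=TCP SPT=58213 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jun  3 08:06:09 some-machine sshd[2291]: Accepted publickey for admin from 192.0.2.10 port 51234 ssh2
Jun  3 08:06:12 some-machine kernel: [15852466.000123] FW_DROPPED: IN=eth0 OUT= MAC=00:50:ba:4a:d9:e3:00:12:17:3a:e3:64:08:00 SRC=198.51.100.23 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=10943 PROTO=TCP SPT=58214 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
EOF

# Prints "3 198.51.100.23" then "1 203.0.113.77".
dropped_sources "$SAMPLE_LOG"
```

On a real host, pass `/var/log/syslog` (or `/var/log/messages`) as the first argument; on a journald-only system, redirect `journalctl -k` to a file first. Matching on the whole prefix rather than just "SRC=" matters if other LOG rules share the same logfile, since every netfilter LOG line carries a SRC= field.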

Solution 2:

You can find details under /proc/net/ipt_recent/SSH.

This article has more information.


Solution 3:

Look at

/proc/net/ipt_recent/YOURNAME

where YOURNAME is the name you used with --name option in your iptables rule.
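A reader of the table that Solutions 2 and 3 point at, as an added example (not code from either answer). On kernels newer than the ones those answers were written for, the same table lives under /proc/net/xt_recent/YOURNAME; the default table name when no --name is given is DEFAULT. The function assumes the one-entry-per-line format the recent module prints ("src=<ip> ttl: <n> last_seen: <jiffies> oldest_pkt: <n> <comma-separated stamps>"), reproduced in the constructed sample below, and counts the recorded stamps per source so you can see which addresses have reached the --hitcount threshold used in the matching rule.

```shell
#!/bin/sh
# Added example: list the sources tracked in a recent-module table and, with
# a threshold, only those whose recorded hits have reached it. The line
# format below is assumed to match what the kernel prints for the table.

# recent_table_ips TABLEFILE [MINHITS]
# Prints "<ip> <hits>" for every tracked source with at least MINHITS stamps.
recent_table_ips() {
    awk -v min="${2:-1}" '
        /^src=/ {
            ip = substr($1, 5)                           # strip the "src=" prefix
            line = $0
            sub(/.*oldest_pkt: *[0-9]+ */, "", line)     # keep only the timestamp list
            gsub(/^[ ,]+|[ ,]+$/, "", line)              # trim stray separators
            n = split(line, stamps, /[ ,]+/)             # one stamp per recorded packet
            if (n >= min) printf "%s %d\n", ip, n
        }
    ' "$1"
}

# Constructed sample table (not a real /proc file): one source with eight
# recorded hits, one with two, one with a single hit.
SAMPLE_TABLE=$(mktemp)
trap 'rm -f "$SAMPLE_TABLE"' EXIT
cat > "$SAMPLE_TABLE" <<'EOF'
src=198.51.100.23 ttl: 106 last_seen: 4294913880 oldest_pkt: 1 4294913810,4294913820,4294913830,4294913840,4294913850,4294913860,4294913870,4294913880
src=203.0.113.77 ttl: 51 last_seen: 4294913845 oldest_pkt: 1 4294913840,4294913845
src=192.0.2.10 ttl: 64 last_seen: 4294913900 oldest_pkt: 1 4294913900
EOF

# All tracked sources, then only those at or above a hitcount of 8.
recent_table_ips "$SAMPLE_TABLE"
recent_table_ips "$SAMPLE_TABLE" 8
```

Pair the threshold argument with the --hitcount value from the rule (8 in Solution 1's example) to get the sources that are currently being rejected rather than every source the table has merely seen once. The stamps are kernel jiffies, so they are only useful for ordering, not for wall-clock times.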


Solution 4:

Here is a simple one liner:

$ iptables -L -n --line

Tags:

Linux

Iptables