IPTables Auto-Expiring Rules on Linux.

Auto-expiring rules for Netfilter/iptables are useful, for example, to ban IPs for a certain amount of time and then have them automatically un-banned (by removing the filtering rule).

iptables does not provide an integrated solution for that, but a simple combination with the ‘at’ command does the trick.

Let’s say we want to ban the IP 10.0.0.10 for one hour:

iptables -I INPUT -s 10.0.0.10 -j DROP && \
{ echo "iptables -D INPUT -s 10.0.0.10 -j DROP" | at now + 1 hour; }

Note that the rule specification passed to ‘-D’ must match the one passed to ‘-I’ token for token, otherwise iptables will not find the rule to delete when the job fires.

The at queue can be viewed with ‘atq’, the commands stored in a particular queue entry with ‘at -c job_number’, and a pending job can be cancelled with ‘atrm job_number’ (which leaves the ban in place).
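The two commands above wrapped into a small POSIX sh script, as an added example that is not code from the original post. The script name tmpban.sh, the functions valid_ipv4, unban_command and ban_ip, and the IPT/AT override variables are assumptions made here for illustration. It adds two things a practitioner wants beyond the one-liner: the address is validated before it is pasted into a job that at will run as root through /bin/sh, and ‘iptables -C’ is used to refuse a second ban of the same address, because stacked identical rules would outlive their timers (‘-D’ removes only the first match).

```sh
#!/bin/sh
# tmpban.sh - added example (not the original post's code): ban an IPv4 address
# with iptables for N minutes and queue the matching -D with at(1) so the ban
# expires on its own. Assumes root, the iptables and at binaries and a running atd.
#   usage: tmpban.sh ADDR [MINUTES]   (MINUTES defaults to 60)

# Both commands can be overridden (e.g. with shell functions) for a dry run.
IPT=${IPT:-iptables}
AT=${AT:-at}

# valid_ipv4 ADDR: 0 if ADDR is a dotted quad with every octet in 0..255, else 1.
# The address ends up inside a shell script that at executes as root, so anything
# that is not a plain dotted quad (spaces, ';', extra iptables options) is refused.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# unban_command ADDR: the exact line at(1) will run. It must mirror the -I rule
# specification token for token, or -D will not find the rule.
unban_command() {
    printf '%s -D INPUT -s %s -j DROP\n' "$IPT" "$1"
}

# ban_ip ADDR [MINUTES]: insert the DROP rule, then queue its removal.
# Returns 0 on success, 1 if already banned or iptables failed, 2 on bad arguments.
ban_ip() {
    addr=$1
    minutes=${2:-60}
    valid_ipv4 "$addr" || { echo "ban_ip: invalid IPv4 address: $addr" >&2; return 2; }
    case $minutes in
        ''|*[!0-9]*) echo "ban_ip: invalid minutes: $minutes" >&2; return 2 ;;
    esac
    # -C asks whether an identical rule already exists (it prints an error on
    # stderr when it does not, hence the redirect). Without this check, banning
    # the same address twice stacks two rules, and since -D removes only the
    # first match the second rule would outlive both timers.
    if $IPT -C INPUT -s "$addr" -j DROP 2>/dev/null; then
        echo "ban_ip: $addr is already banned" >&2
        return 1
    fi
    $IPT -I INPUT -s "$addr" -j DROP || return 1
    # at reads the job from stdin; its "job N at ..." confirmation goes to stderr.
    unban_command "$addr" | $AT now + "$minutes" minutes
}

# Only act when invoked with arguments, so the file can also be sourced.
if [ "$#" -ge 1 ]; then
    ban_ip "$@"
fi
```

Run it as root (‘./tmpban.sh 10.0.0.10 60’) with atd running; at spools the job to disk and executes it through /bin/sh with the queuing user's identity, so a job queued by an unprivileged user would simply fail at the ‘-D’. The iptables rule itself lives only in kernel memory and disappears on reboot, while the spooled at job survives and runs when atd comes back, at which point its ‘-D’ fails harmlessly. For a dry run, point IPT and AT at shell functions that print their arguments instead of calling the real binaries.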
