simple iptables bash script with whitelist ip file

A simple Linux bash script that generates iptables rules from a file of whitelisted IPs and blocks all other traffic.


  Overview: iptables with an IP whitelist file

    In this blog article I provide a simple bash script that generates iptables rules to block all incoming requests and allow only the IPs listed in a file named whitelist.txt; it also covers blocking SIP scanners.

    iptables is a Linux command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a matching rule in its list.

  Steps to be followed

    Step 1: Creating the whitelist file

    Log in to your Linux SSH console (using PuTTY or the direct server console) and run the commands below.

Create a folder named firewall and a file named whitelist.txt:

mkdir /usr/src/firewall
touch /usr/src/firewall/whitelist.txt

    Step 2: Entering the list of allowed IPs

Edit the whitelist.txt file and add the IPs to be allowed, one per line:

vi /usr/src/firewall/whitelist.txt

Save and exit.

    Step 3: Locate the iptables path

Type the commands below:
which iptables
which iptables-save

They will print the paths, as in the output below.


Copy the output; we will substitute it into the bash script in the next steps.

    Step 4: iptables bash script

Create a new script file under /usr/src/firewall/ and paste the script below into it.

Replace the iptables path in that file with the output from step 3.

vi /usr/src/firewall/

Copy and paste the script below:

#!/bin/bash
# (command lines that did not survive on this page are reconstructed from the comment above each)
# allowed ip file location
WHITELIST=/usr/src/firewall/whitelist.txt
## Specify where IP Tables is located (replace both paths with the output of step 3)
IPTABLES=/sbin/iptables
IPTABLES_SAVE=/sbin/iptables-save
## Save current iptables running configuration in case we want to revert back
##  To restore using our example we would run "/sbin/iptables-restore < /usr/src/iptables.last"
$IPTABLES_SAVE > /usr/src/iptables.last
## Clear current rules
## If current INPUT policy is set to DROP we will be locked out once we flush the rules
## so we must first ensure it is set to ACCEPT.
echo 'Setting default INPUT policy to ACCEPT'
$IPTABLES -P INPUT ACCEPT
echo 'Clearing Tables F'
$IPTABLES -F
echo 'Clearing Tables X'
$IPTABLES -X
echo 'Clearing Tables Z'
$IPTABLES -Z
# Always allow localhost.
echo 'Allowing Localhost'
$IPTABLES -A INPUT -i lo -j ACCEPT
# Allow ssh (port 22) from any ip; comment this line out if only whitelisted ip's should reach ssh
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
## Whitelist: one ip (or cidr range) per line, lines starting with # are comments
for x in `grep -v ^# $WHITELIST | awk '{print $1}'`; do
    echo "Permitting $x..."
    $IPTABLES -A INPUT -s $x -j ACCEPT
done
# block all other traffic
$IPTABLES -A INPUT -j DROP
## Save the rules so they are persistent on reboot.
## (save location is an assumption; /etc/sysconfig/iptables is the RHEL/CentOS default)
$IPTABLES_SAVE > /etc/sysconfig/iptables

Replace the iptables path lines according to the output from step 3.

The line below allows SSH on port 22 from all IPs; if you don't want this, disable (comment out) that line.

$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

    Step 5: Make the file executable

Run the command below to give the file execute permission:

chmod +x /usr/src/firewall/

    Step 6: Running the script

Type the full path of the script file, as shown below.


    Step 7: Check the iptables rules

Run the iptables command below to list the current rules:

iptables -L -n

    Step 8: Persist the rules after a reboot

After a reboot the iptables rules may be flushed. To avoid that, either add the script to a startup script such as /etc/rc.d/rc.local, or add a cron job that runs it on reboot:

crontab -e
@reboot /usr/src/firewall/
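The eight steps above are one procedure; the script below is an added example that carries it through in a hardened form (it is not the article's script or its author's code). It reads whitelist.txt, rejects any malformed entry before anything reaches iptables, keeps loopback and replies to the server's own connections working, and loads the whole ruleset in one iptables-restore transaction, so a typo in the file cannot leave the firewall half-applied or lock you out the way a flush followed by rule-by-rule appends can. Because the WHITELIST chain matches the source address for every protocol and everything else ends in DROP, hosts not in the file cannot ping the server either. The file name whitelist-fw.sh, the /usr/src/firewall/whitelist.txt and /sbin/iptables-restore paths, port 22 and the ALLOW_SSH_FROM_ANY switch are assumptions to adjust for your host.

```shell
#!/bin/bash
# Added example (not the article's script). Builds a whitelist-only INPUT ruleset from
# whitelist.txt in iptables-restore format, validates every entry first, and loads it
# atomically. Assumed paths/ports (adjust for your host): whitelist at
# /usr/src/firewall/whitelist.txt, iptables-restore at /sbin/iptables-restore, SSH on tcp/22.

WHITELIST=${WHITELIST:-/usr/src/firewall/whitelist.txt}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/sbin/iptables-restore}
SSH_PORT=${SSH_PORT:-22}
ALLOW_SSH_FROM_ANY=${ALLOW_SSH_FROM_ANY:-yes}   # the article's default; "no" limits SSH to the whitelist

emit() { printf '%s\n' "$1"; }

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix. Anything else
# (hostnames, IPv6, shell metacharacters, 256.x, /33) is rejected, so a typo in the
# whitelist never reaches iptables as part of a command line.
valid_cidr4() {
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$addr; n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        case $rest in *.*) rest=${rest#*.} ;; *) rest='' ;; esac
        n=$((n + 1))
        # each octet 0-255 with no leading zeros (some tools read "010" as octal)
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        case $octet in 0?*) return 1 ;; esac
    done
    [ "$n" -eq 4 ]
}

# Print the complete ruleset. Order: loopback, replies to connections this host opened,
# whitelisted sources (any protocol, so ICMP echo from them still works), optional SSH from
# anywhere, then rate-limited logging and DROP. ICMP echo from non-whitelisted hosts falls
# through to the DROP, so they cannot ping the server.
build_rules() {
    file=$1
    emit '*filter'
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    emit ':WHITELIST - [0:0]'
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    emit '-A INPUT -j WHITELIST'
    # first field of each line; "#" starts a comment (full-line or trailing); blank lines skipped
    sed -e 's/#.*//' "$file" | awk 'NF { print $1 }' | while IFS= read -r ip; do
        if ! valid_cidr4 "$ip"; then
            printf 'refusing to apply: malformed whitelist entry "%s"\n' "$ip" >&2
            exit 1      # exits the pipeline subshell only; the function then returns 1
        fi
        emit "-A WHITELIST -s $ip -j ACCEPT"
    done || return 1
    if [ "$ALLOW_SSH_FROM_ANY" = yes ]; then
        emit "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
    fi
    emit '-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: "'
    emit '-A INPUT -j DROP'
    emit 'COMMIT'
}

# Dry-run the generated ruleset with iptables-restore --test, then load it in one atomic commit.
apply_rules() {
    rules=$(build_rules "$WHITELIST") || return 1
    printf '%s\n' "$rules" | "$IPTABLES_RESTORE" --test || return 1
    printf '%s\n' "$rules" | "$IPTABLES_RESTORE"
}

# Usage: ./whitelist-fw.sh show   (print the ruleset)  |  ./whitelist-fw.sh apply   (as root)
case ${1:-} in
    show)  build_rules "$WHITELIST" ;;
    apply) apply_rules ;;
esac
```

Run it with `show` first and read the generated ruleset, then `apply` as root. For step 8, the cron line becomes `@reboot /usr/src/firewall/whitelist-fw.sh apply`; because the ruleset is regenerated from whitelist.txt on every run, there is no separate saved-rules file to keep in sync.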

Also see:
Script to block SSH attacks automatically
For support, contact Skype: striker24x7

  • gopi baskar, April 4, 2022 at 11:22 AM

    shell script to generate iptables with whitelist IPs

    • Anonymous, September 28, 2022 at 8:51 PM

      I tried this bash script and it is working well, but there is one thing: I was still able to ping the server IP from any external IP address. Is there a way to block pings to the server from external IP addresses except the ones in the whitelist?
