Skip to content

Instantly share code, notes, and snippets.

@EggPool

EggPool/no_ec2.md

Created July 25, 2018 13:24
Show Gist options
  • Save EggPool/a2a7f9782a90aeff674a2796e12c89ba to your computer and use it in GitHub Desktop.
Save EggPool/a2a7f9782a90aeff674a2796e12c89ba to your computer and use it in GitHub Desktop.
Download ZIP
block amazon IPs
Raw
no_ec2.md

Block amazon's IP at OS level to avoid botnet attacks

Ubuntu, iptables

Prerequisites

sudo apt install jq wget

Install (user dir)

wget https://raw.githubusercontent.com/corbanworks/aws-blocker/master/aws-blocker
chmod +x aws-blocker
wget https://ip-ranges.amazonaws.com/ip-ranges.json

Install the rules

sudo ./aws-blocker < ip-ranges.json

Remove the rules

sudo iptables -F AWS

Update the ip file

Amazon's ip change frequently.
Since the list is hosted on amazon, we need to deactivate to update

sudo iptables -F AWS
rm ip-ranges.json
wget https://ip-ranges.amazonaws.com/ip-ranges.json
sudo ./aws-blocker < ip-ranges.json

Add an exception to the filter

If you want to allow a specific (set of) amazon ips, edit aws_blocker and as last line of the function
function create_and_flush_chain() {
add a line per exception:
iptables -A AWS -s ip.to.allow.anyway -j ACCEPT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment