@EggPool
Created July 25, 2018 13:24
block amazon IPs

Block Amazon's IP ranges at the OS level to keep botnet traffic coming from AWS addresses off the host.

Ubuntu, iptables

Prerequisites

sudo apt install jq wget

Install (user dir)

wget https://raw.githubusercontent.com/corbanworks/aws-blocker/master/aws-blocker
chmod +x aws-blocker
wget https://ip-ranges.amazonaws.com/ip-ranges.json

Install the rules

sudo ./aws-blocker < ip-ranges.json

Remove the rules

sudo iptables -F AWS

Update the ip file

Amazon's IP ranges change frequently.
Since the list itself is hosted on Amazon, the rules must be flushed before the file can be downloaded again, then reinstalled from the fresh file:

sudo iptables -F AWS
rm ip-ranges.json
wget https://ip-ranges.amazonaws.com/ip-ranges.json
sudo ./aws-blocker < ip-ranges.json

Add an exception to the filter

If you want to allow a specific Amazon IP (or set of IPs) anyway, edit aws-blocker and, as the last line of the function
function create_and_flush_chain() {
add one line per exception:
iptables -A AWS -s ip.to.allow.anyway -j ACCEPT
Keep the exception inside this function rather than appending it after the script has run: iptables evaluates a chain's rules in order and stops at the first match, so an ACCEPT placed after the block rules would never be reached.
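To make the update and exception steps above concrete, here is an added Python example; it is not part of the gist and not aws-blocker's own code. It parses the structure of ip-ranges.json, rejects an empty or truncated download before any live chain is flushed, and emits the chain's rules with the ACCEPT exceptions ahead of the blocks. The sample JSON is constructed, and the chain name AWS, the DROP target and the function names are assumptions, not taken from the script.

```python
"""Build the rule list for an iptables chain from ip-ranges.json.

Added example (hypothetical helper names); not the gist's or aws-blocker's code.
"""
import ipaddress
import json

# Constructed sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json
# (the real file has thousands of entries; these values are made up).
SAMPLE_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2018-07-25-13-24-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "S3"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "AMAZON"},
    ],
})


def load_ranges(text):
    """Parse ip-ranges.json and refuse anything that does not look like it.

    Run this on the freshly downloaded file before flushing the live chain:
    an empty or cut-off download must not leave the host with no rules.
    """
    data = json.loads(text)
    prefixes = data.get("prefixes") if isinstance(data, dict) else None
    if not isinstance(prefixes, list) or not prefixes:
        raise ValueError("ip-ranges.json has no 'prefixes' entries")
    return data


def is_valid_ranges(text):
    """True if the text would be accepted by load_ranges()."""
    try:
        load_ranges(text)
        return True
    except (ValueError, TypeError):
        return False


def select_prefixes(data, services=None):
    """Return de-duplicated IPv4 CIDRs, optionally limited to given services.

    The same prefix is listed once per service in the real file, so without
    de-duplication the chain would carry many identical rules.
    """
    out, seen = [], set()
    for entry in data["prefixes"]:
        if services and entry.get("service") not in services:
            continue
        net = ipaddress.ip_network(entry["ip_prefix"], strict=False)
        if net not in seen:
            seen.add(net)
            out.append(str(net))
    return out


def build_rules(prefixes, allow=(), chain="AWS"):
    """Emit the iptables commands that (re)populate the chain.

    iptables stops at the first matching rule, so the ACCEPT exceptions go in
    before any DROP; an exception appended after the drops would never match.
    '-N' prints a harmless 'Chain already exists' error on later runs.
    """
    rules = [f"iptables -N {chain}", f"iptables -F {chain}"]
    for ip in allow:
        ipaddress.ip_network(ip, strict=False)  # reject malformed exceptions early
        rules.append(f"iptables -A {chain} -s {ip} -j ACCEPT")
    for cidr in prefixes:
        rules.append(f"iptables -A {chain} -s {cidr} -j DROP")
    return rules


if __name__ == "__main__":
    ranges = load_ranges(SAMPLE_RANGES)
    for line in build_rules(select_prefixes(ranges), allow=["203.0.113.7"]):
        print(line)
```

Running the script prints the commands instead of executing them, so the output can be reviewed (and the ACCEPT lines checked to precede the DROP lines) before being fed to a root shell on the host.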
