I happen to have some attacks coming from specific hosts, which I decided to block from accessing the server. Here is how I did it, using a script which deletes and reloads a full iptables chain based on a file containing a list of IPs/ranges.
Create a file called blacklist.txt with one IP/Range per line in the same directory as the script.
Script to run at boot time
#!/bin/sh
# Tiny firewall protecting rpcbind (port 111)
scriptdir=$(dirname "$(readlink -f "$0")")
blacklist="$scriptdir/blacklist.txt"
# Load the blacklist: skip blank lines and any line containing '#'
HOSTS="$(grep -Ev '^$|#' "$blacklist")"
# Delete the existing custom chain
/sbin/iptables --flush BLACKLIST
/sbin/iptables -X BLACKLIST
/sbin/iptables -t filter -D INPUT -j BLACKLIST
# Create the BLACKLIST chain and jump to it from INPUT
/sbin/iptables -N BLACKLIST
/sbin/iptables -t filter -I INPUT -j BLACKLIST
# Fill in the BLACKLIST chain with the rejected hosts
for host in $HOSTS ; do
    /sbin/iptables -A BLACKLIST -s "$host" -p tcp -j DROP
done
# Return from BLACKLIST to the rest of INPUT
/sbin/iptables -A BLACKLIST -j RETURN
Note: iptables will complain with the following errors. Not to worry, it will still do the proper job.
iptables: Too many links.
iptables: Chain already exists.
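As an added example (not the author's script), here is a variant that only renders the blacklist into the iptables command sequence, so it can be reviewed before being piped to sh as root. It removes the INPUT jump before deleting the chain, which is the order that avoids the "Too many links" and "Chain already exists" complaints, validates each entry as an IPv4 address or CIDR range instead of handing arbitrary text to iptables, tolerates trailing "# comments", and drops all protocols from a listed host rather than only TCP. The function names and the sample entries are my own.

```shell
#!/bin/sh
# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_entry() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into its four octets
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1   # the regex alone allows 999
    done
    return 0
}

# Print the iptables commands that rebuild the BLACKLIST chain from $1.
# Blank lines are skipped, text after '#' is ignored, malformed entries
# are reported on stderr and left out of the chain.
gen_rules() {
    file=$1
    # Unhook and remove the old chain first so -X does not hit "Too many links"
    echo '/sbin/iptables -t filter -D INPUT -j BLACKLIST 2>/dev/null'
    echo '/sbin/iptables -F BLACKLIST 2>/dev/null'
    echo '/sbin/iptables -X BLACKLIST 2>/dev/null'
    echo '/sbin/iptables -N BLACKLIST'
    echo '/sbin/iptables -t filter -I INPUT -j BLACKLIST'
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$file" | grep -v '^$' |
    while read -r host; do
        if valid_entry "$host"; then
            echo "/sbin/iptables -A BLACKLIST -s $host -j DROP"
        else
            echo "skipping malformed entry: $host" >&2
        fi
    done
    echo '/sbin/iptables -A BLACKLIST -j RETURN'
}
```

Review the output with `gen_rules blacklist.txt`, then apply it with `gen_rules blacklist.txt | sh` and confirm the chain with `iptables -L BLACKLIST -n`.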