
Read txt file, add to iptables not working on new host

Started by: JackM <notreal@earthlink.net>
First post: 2013-05-23 22:44 -0400
Last post: 2013-05-24 15:29 -0400
Articles 8 — 4 participants


Contents

  Read txt file, add to iptables not working on new host JackM <notreal@earthlink.net> - 2013-05-23 22:44 -0400
    RE: Read txt file, add to iptables not working on new host Carlos Nepomuceno <carlosnepomuceno@outlook.com> - 2013-05-24 06:10 +0300
      Re: Read txt file, add to iptables not working on new host JackM <notreal@earthlink.net> - 2013-05-24 09:08 -0400
        RE: Read txt file, add to iptables not working on new host Carlos Nepomuceno <carlosnepomuceno@outlook.com> - 2013-05-24 16:15 +0300
    Re: Read txt file, add to iptables not working on new host Chris Angelico <rosuav@gmail.com> - 2013-05-24 23:54 +1000
      Re: Read txt file, add to iptables not working on new host JackM <notreal@earthlink.net> - 2013-05-24 12:32 -0400
        Re: Read txt file, add to iptables not working on new host Chris Angelico <rosuav@gmail.com> - 2013-05-25 02:56 +1000
        Re: Read txt file, add to iptables not working on new host Dave Angel <davea@davea.name> - 2013-05-24 15:29 -0400

#45862 — Read txt file, add to iptables not working on new host

From: JackM <notreal@earthlink.net>
Date: 2013-05-23 22:44 -0400
Subject: Read txt file, add to iptables not working on new host
Message-ID: <puAnt.800936$OJ2.639894@en-nntp-11.dc1.easynews.com>

First, let me say that I have no knowledge of or experience with Python 
or Linux/Unix. I have a script which was written by a host tech person 
that ran via cron on my old server. It was designed to read IP addresses 
from a text file and add them to be blocked on iptables. That way, we 
could add or remove IPs without involving tech support daily. It worked 
great.

Then we changed hosts and this script is now throwing errors on the new 
server. This host runs Python 2.6.6. This is the script:

#!/usr/bin/python
import os,time

##Input, Output, and TimeStamp
inFile = open('/var/www/html/mydomain.com/banlist.txt','r')
logFile = open('/var/log/banList.log','w')
stamp = time.asctime(time.localtime())


##Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp), logFile.write('\n'), logFile.write('Flushing Rules..\n')

##Loop to read in file and Apply rules to IPtables
for line in inFile.readlines():
    tmp = line.split(';')
    IP = tmp[0]
    outPut = os.popen( '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' + '-j REJECT' )
    logFile.write(IP), logFile.write(' - Has been blocked '), logFile.write(stamp),logFile.write


The errors we're getting are like these:

Bad argument `174.37.65.204'
  Try `iptables -h' or 'iptables --help' for more information.
  Bad argument `94.159.162.182'
  Try `iptables -h' or 'iptables --help' for more information.
  Bad argument `95.134.132.98'
  Try `iptables -h' or 'iptables --help' for more information.
  etc.

Entries from the banlist.txt are like these:

200.193.54.138; February 9, 2013, 7:42 am <br>
87.120.57.4; February 9, 2013, 7:42 am <br>
82.206.129.160; February 9, 2013, 7:43 am <br>
etc.

I know the error points to a bad iptables command.
Can someone tell me what change(s) I need to make to this script to get 
it working again? Thanks.



-- 
My email address on the header is a non-monitored spam catching account. 
I can be reached via http://www.wvnh.net/contact.htm



#45863

From: Carlos Nepomuceno <carlosnepomuceno@outlook.com>
Date: 2013-05-24 06:10 +0300
Message-ID: <mailman.2048.1369365052.3114.python-list@python.org>
In reply to: #45862

Send the output of the following commands:

uname -a
/sbin/iptables -V




#45883

From: JackM <notreal@earthlink.net>
Date: 2013-05-24 09:08 -0400
Message-ID: <aDJnt.102617$zH4.33757@en-nntp-14.dc1.easynews.com>
In reply to: #45863

Thanks for answering. Do you mean something like this?

outPut = os.popen('uname -a' '/sbin/iptables -V INPUT -s' + ' ' + IP + ' ' + '-j  REJECT' )

Sorry but like I said, I have no experience with any of this.





#45886

From: Carlos Nepomuceno <carlosnepomuceno@outlook.com>
Date: 2013-05-24 16:15 +0300
Message-ID: <mailman.2066.1369401353.3114.python-list@python.org>
In reply to: #45883

No, there's no need to change your Python script, although it can be improved, because as it is it may flush (delete all) iptables rules and leave you vulnerable and not create the new rules.

All you need to do is enter the commands in the shell and send its output. The 'iptables' have changed.




#45890

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-05-24 23:54 +1000
Message-ID: <mailman.2067.1369403653.3114.python-list@python.org>
In reply to: #45862

On Fri, May 24, 2013 at 12:44 PM, JackM <notreal@earthlink.net> wrote:
>         outPut = os.popen( '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' +
> '-j REJECT' )

There's so much about this script that's less than Pythonic, but the
one thing I'd really like to see is a log of the exact command being
executed. Replace the above line with this:

        command = '/sbin/iptables -A INPUT -s' + ' ' + IP + ' ' + '-j REJECT'
        outPut = os.popen(command)
        logFile.write(command+"\n")

That will show, in your log, exactly what's being executed. You should
then be able to execute that command in the shell and see the exact
same result. That might also show you the problem - it might be
obvious from the commands logged.

If that doesn't work, here's a rewrite of your code for cleanliness,
which still does what I think your original code does. See if they act
differently...

-- cut --

#!/usr/bin/python
import os
import time

# Input, Output, and TimeStamp
inFile = open('/var/www/html/mydomain.com/banlist.txt','r')
logFile = open('/var/log/banList.log','w')
stamp = time.asctime(time.localtime())

# Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp+'\nFlushing Rules..\n')

# Loop to read in file and Apply rules to IPtables
for line in inFile:  # TODO: Use 'with' for a bit of protection
        ip = line.split(';')[0]
        output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j REJECT' )
        logFile.write(ip+' - Has been blocked\n')


-- cut --

Since the timestamp doesn't change across a run anyway, there's not
much point printing it out every time, and I'm also putting newlines
in the logfile. Beyond that, it should function the same way as the
original.

ChrisA



#45900

From: JackM <notreal@earthlink.net>
Date: 2013-05-24 12:32 -0400
Message-ID: <FCMnt.5938$4E1.5852@en-nntp-08.dc1.easynews.com>
In reply to: #45890

So Chris, does this version look better? Changed to inFile to with.


#!/usr/bin/python
import os
import time

# Input, Output, and TimeStamp
logFile = open('/var/www/html/statistics/logs/banList.log','w')
stamp = time.asctime(time.localtime())

# Daily Flush of blockList rules before re-applying Blocks
os.popen('/sbin/iptables -F INPUT')
logFile.write(stamp+'\nFlushing Rules..\n')

# Loop to read in file and Apply rules to IPtables
with open('/var/www/html/mydomain.com/banlist.txt','r') as inFile:
    for line in inFile:  # TODO: Use 'with' for a bit of protection
        ip = line.split(';')[0]
        output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j REJECT' )
        logFile.write(ip+' - Has been blocked\n')






-- 
My email address on the header is a non-monitored spam catching account. 
I can be reached via http://www.wvnh.net/contact.htm



#45902

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-05-25 02:56 +1000
Message-ID: <mailman.2072.1369414617.3114.python-list@python.org>
In reply to: #45900

On Sat, May 25, 2013 at 2:32 AM, JackM <notreal@earthlink.net> wrote:
> So Chris, does this version look better? Changed to inFile to with.
>

Heh, I didn't know you knew about with :) Since you know how to use
it, you probably also know why it's useful. Anyway, the main thing is
to see the exact command that's being executed, which you then should
be able to try at a shell prompt.

ChrisA



#45913

From: Dave Angel <davea@davea.name>
Date: 2013-05-24 15:29 -0400
Message-ID: <mailman.2075.1369423780.3114.python-list@python.org>
In reply to: #45900

On 05/24/2013 12:32 PM, JackM wrote:
> So Chris, does this version look better? Changed to inFile to with.
>
>
> #!/usr/bin/python
> import os
> import time
>
> # Input, Output, and TimeStamp
> logFile = open('/var/www/html/statistics/logs/banList.log','w')
> stamp = time.asctime(time.localtime())
>
> # Daily Flush of blockList rules before re-applying Blocks
> os.popen('/sbin/iptables -F INPUT')
> logFile.write(stamp+'\nFlushing Rules..\n')
>
> # Loop to read in file and Apply rules to IPtables
> with open('/var/www/html/mydomain.com/banlist.txt','r') as inFile:
>      for line in inFile:  # TODO: Use 'with' for a bit of protection
>          ip = line.split(';')[0]

You want to write the command to the logfile here, BEFORE you try the 
popen().  That way if there's a problem, you can see what it was about 
to try before it crashed.

>          output = os.popen( '/sbin/iptables -A INPUT -s ' + ip + ' -j
> REJECT' )
>          logFile.write(ip+' - Has been blocked\n')
>
>
>
>

-- 
DaveA
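
The concerns raised in this thread (rules flushed before the new ones exist, and logging the exact command before it runs) can be handled together by validating the whole list first and then replacing the rules in one step. The following is an added example, not code from any poster: it assumes Python 3 (`ipaddress`, `subprocess.run`) rather than the host's 2.6.6, a hypothetical dedicated chain named `BANLIST` that `INPUT` already jumps to, and `iptables-restore` installed beside `/sbin/iptables`; the sample lines are constructed in the format shown in the first post.

```python
#!/usr/bin/env python3
import ipaddress
import subprocess

CHAIN = "BANLIST"  # hypothetical chain; set up once: iptables -I INPUT -j BANLIST
RESTORE = "/sbin/iptables-restore"  # assumed to sit beside /sbin/iptables

# Constructed sample in the banlist.txt format quoted in the first post.
SAMPLE = [
    "200.193.54.138; February 9, 2013, 7:42 am <br>\n",
    "87.120.57.4; February 9, 2013, 7:42 am <br>\r\n",
    "203.0.113.9 extra-token; constructed malformed entry <br>\n",
    "\n",
]

def parse_banlist(lines):
    """Split 'IP; date <br>' lines into (valid addresses, rejected fields)."""
    good, bad = [], []
    for lineno, line in enumerate(lines, 1):
        field = line.split(";", 1)[0].strip()
        if not field:
            continue  # blank line
        try:
            addr = ipaddress.IPv4Address(field)
        except ValueError:
            bad.append((lineno, field))  # reported, never passed to iptables
            continue
        if addr not in good:
            good.append(addr)
    return good, bad

def build_restore_input(addrs):
    """Render iptables-restore input that rewrites only CHAIN."""
    rules = ["*filter", ":%s - [0:0]" % CHAIN]
    rules += ["-A %s -s %s/32 -j REJECT" % (CHAIN, a) for a in addrs]
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"

def apply_rules(payload, log, run=subprocess.run):
    """Log the exact input first, then pass it to iptables-restore (no shell)."""
    log.write(payload)
    log.flush()
    # --noflush keeps the rest of the filter table; only the declared chain is rewritten.
    result = run([RESTORE, "--noflush"], input=payload, text=True,
                 capture_output=True)
    if result.returncode != 0:
        log.write("iptables-restore failed: %s\n" % result.stderr.strip())
    return result.returncode == 0

if __name__ == "__main__":
    addresses, rejected = parse_banlist(SAMPLE)
    for lineno, field in rejected:
        print("line %d rejected: %r" % (lineno, field))
    print(build_restore_input(addresses), end="")  # dry run: nothing is applied
```

Because `iptables-restore` commits the table in one operation, a failed run leaves the previous `BANLIST` contents in place, and no text from the file is passed through a shell.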
