How do I whitelist multiple IP addresses at the same time with Ubuntu 21.04?
I have to whitelist multiple IP addresses for QUIC.cloud CDN. How would I do this for about 50 IP addresses? I am using Ubuntu 21.04.
2 Replies
If you are using UFW to manage your firewall configuration, you could use a bash script to automate this process for you. Here's an example for how you might do so:
From your Linode, create a text file and then list the IP addresses you wish to allow, one per line. Here's an example I made using a random IP address generator:
~/iplist.txt
193.63.183.191
176.31.76.2
193.240.149.171
174.80.93.153
187.182.231.78
188.174.64.155
187.195.23.142
189.71.46.92
179.36.242.19
180.123.108.61
173.210.105.190
181.128.71.209
187.221.41.233
188.153.38.225
192.194.27.28
197.175.23.222
191.204.226.206
196.143.156.22
178.252.17.134
184.73.104.223
After adding the list of IP addresses, you'll want to save this file and then create a new script file. We're going to use the bash shell to loop over the IP addresses in this list and insert each one into the ufw allow command.
~/add_ip.sh
#!/bin/sh
# Read one IP address per line from the list and add a UFW allow rule for each
while read -r x; do ufw allow from "$x"; done < ./iplist.txt
ufw reload > /dev/null
Once you've saved this file, you'll want to make it executable via chmod 700 add_ip.sh. Then you can run it by typing ./add_ip.sh. This will add a new UFW allow rule for each of the IP addresses you've listed in the txt file. It's worth noting that your user account will need access to set UFW rules. When the script completes, you can review the current rules by running the ufw status command.
You can modify the content of the add_ip.sh script to allow access only on specific ports by appending to any port $number to the end of the ufw allow command in the script. For example, if you wanted to allow only port 80 traffic from the IP addresses, you'd want to configure the script to ufw allow from $x to any port 80.
Hope that helps as a starting point.
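As an added example that is not part of either reply above (my script, not @bd5k's), here is a version of add_ip.sh that checks each line of the list is a plain IPv4 address or a CIDR block before it is spliced into a ufw command, ignores blank lines, comments and duplicates, validates the optional port, and supports DRY_RUN=1 so you can review the generated rules before applying them. The list-file format is the one shown above; the port argument, the DRY_RUN variable and the function names are my additions, and the ufw syntax used is only the ufw allow from ... to any port ... form already given in the reply.

```shell
#!/bin/bash
# Added example, not the original poster's script: validate an IP allow-list
# before it reaches ufw, de-duplicate it, and support a dry run that only prints
# the rules. Function names and the DRY_RUN variable are this example's own.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
is_ipv4_cidr() {
    local addr="$1" ip prefix a b c d extra octet
    case "$addr" in
        */*/*|*/) return 1 ;;                 # more than one slash, or an empty prefix
    esac
    ip="${addr%%/*}"
    prefix="${addr#*/}"
    [ "$prefix" = "$addr" ] && prefix=""      # no slash present at all
    IFS=. read -r a b c d extra <<< "$ip"
    [ -z "$extra" ] || return 1               # more than four fields
    for octet in "$a" "$b" "$c" "$d"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    if [ -n "$prefix" ]; then
        case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    fi
    return 0
}

# Return 0 if $1 is a port number in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the normalized, de-duplicated valid entries from a list file and report
# bad lines on stderr. Blank lines, whitespace and '#' comments are ignored.
valid_entries() {
    local listfile="$1" line
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$listfile" | grep -v '^$' | sort -u |
    while IFS= read -r line; do
        if is_ipv4_cidr "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done
}

# Print the ufw commands that would be run, one per line ($2 = optional port).
build_ufw_rules() {
    local listfile="$1" port="${2:-}" ip
    if [ -n "$port" ] && ! is_port "$port"; then
        printf 'invalid port: %s\n' "$port" >&2
        return 1
    fi
    valid_entries "$listfile" | while IFS= read -r ip; do
        if [ -n "$port" ]; then
            printf 'ufw allow from %s to any port %s\n' "$ip" "$port"
        else
            printf 'ufw allow from %s\n' "$ip"
        fi
    done
}

# Apply the rules (needs root). Usage: ./add_ip.sh iplist.txt [port]
# With DRY_RUN=1 the commands are printed for review instead of executed.
main() {
    local listfile="$1" port="${2:-}" ip
    if [ "${DRY_RUN:-0}" = "1" ]; then
        build_ufw_rules "$listfile" "$port"
        return
    fi
    if [ -n "$port" ] && ! is_port "$port"; then
        printf 'invalid port: %s\n' "$port" >&2
        return 1
    fi
    valid_entries "$listfile" | while IFS= read -r ip; do
        if [ -n "$port" ]; then
            ufw allow from "$ip" to any port "$port"
        else
            ufw allow from "$ip"
        fi
    done
    ufw reload > /dev/null
}

# Run only when invoked with arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A typical run is DRY_RUN=1 ./add_ip.sh iplist.txt 80 to inspect the rules, then sudo ./add_ip.sh iplist.txt 80 to apply them. The validation matters because every line of the file ends up as an argument to a privileged command: a stray address with a typo, a line with trailing text, or a Windows line ending would otherwise produce either a failed rule or a rule you did not intend.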
Note that if you use ufw you will be stuck with Ubuntu for the rest of your natural life. If you decide to move your project to another distro, you’ve just signed yourself up for a lot of tedious porting work.
IMHO, better to do all that boring stuff up front and write your script to use iptables directly and future proof your work. @bd5k’s ideas would still apply. ufw is Canonical’s patent-medicine “friendly front-end” to iptables that has one purpose only — make it hard to port your stuff to another distro.
Like patent medicines (that make you feel good for a while because of their high grain alcohol content), use of ufw is a powerful inductor of a splitting headache.
— sw