Should you wish to block EC2 from your website, to stop evil spiders: it is a shame that this is required. Amazon should have an AUP that disallows totally anonymous spidering and mandates that spiders respect robots.txt.

Thanks to the information in https://forums.aws.amazon.com/ann.jspa?annID=1408, we can block all netblocks belonging to EC2.

The ruleset, in iptables-restore format:
*filter
# Allow all loopback (lo) traffic and drop traffic to 127.0.0.0/8 that does not arrive on lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Block EC2
-A INPUT -p tcp -s 72.44.32.0/19 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 72.44.32.0/19 -j DROP
-A INPUT -p tcp -s 67.202.0.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 67.202.0.0/18 -j DROP
-A INPUT -p tcp -s 75.101.128.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 75.101.128.0/17 -j DROP
-A INPUT -p tcp -s 174.129.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 174.129.0.0/16 -j DROP
-A INPUT -p tcp -s 204.236.192.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 204.236.192.0/18 -j DROP
-A INPUT -p tcp -s 184.73.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 184.73.0.0/16 -j DROP
-A INPUT -p tcp -s 184.72.128.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 184.72.128.0/17 -j DROP
-A INPUT -p tcp -s 184.72.64.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 184.72.64.0/18 -j DROP
-A INPUT -p tcp -s 50.16.0.0/15 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 50.16.0.0/15 -j DROP
-A INPUT -p tcp -s 50.19.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 50.19.0.0/16 -j DROP
-A INPUT -p tcp -s 107.20.0.0/14 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 107.20.0.0/14 -j DROP
-A INPUT -p tcp -s 23.20.0.0/14 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 23.20.0.0/14 -j DROP
-A INPUT -p tcp -s 50.112.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 50.112.0.0/16 -j DROP
-A INPUT -p tcp -s 204.236.128.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 204.236.128.0/18 -j DROP
-A INPUT -p tcp -s 184.72.0.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 184.72.0.0/18 -j DROP
-A INPUT -p tcp -s 50.18.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 50.18.0.0/16 -j DROP
-A INPUT -p tcp -s 184.169.128.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 184.169.128.0/17 -j DROP
-A INPUT -p tcp -s 79.125.0.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 79.125.0.0/17 -j DROP
-A INPUT -p tcp -s 46.51.128.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.51.128.0/18 -j DROP
-A INPUT -p tcp -s 46.51.192.0/20 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.51.192.0/20 -j DROP
-A INPUT -p tcp -s 46.137.0.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.137.0.0/17 -j DROP
-A INPUT -p tcp -s 46.137.128.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.137.128.0/18 -j DROP
-A INPUT -p tcp -s 176.34.128.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 176.34.128.0/17 -j DROP
-A INPUT -p tcp -s 176.34.64.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 176.34.64.0/18 -j DROP
-A INPUT -p tcp -s 54.247.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 54.247.0.0/16 -j DROP
-A INPUT -p tcp -s 175.41.128.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 175.41.128.0/18 -j DROP
-A INPUT -p tcp -s 122.248.192.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 122.248.192.0/18 -j DROP
-A INPUT -p tcp -s 46.137.192.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.137.192.0/18 -j DROP
-A INPUT -p tcp -s 46.51.216.0/21 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.51.216.0/21 -j DROP
-A INPUT -p tcp -s 54.251.0.0/16 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 54.251.0.0/16 -j DROP
-A INPUT -p tcp -s 175.41.192.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 175.41.192.0/18 -j DROP
-A INPUT -p tcp -s 46.51.224.0/19 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 46.51.224.0/19 -j DROP
-A INPUT -p tcp -s 176.32.64.0/19 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 176.32.64.0/19 -j DROP
-A INPUT -p tcp -s 103.4.8.0/21 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 103.4.8.0/21 -j DROP
-A INPUT -p tcp -s 176.34.0.0/18 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 176.34.0.0/18 -j DROP
-A INPUT -p tcp -s 54.248.0.0/15 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 54.248.0.0/15 -j DROP
-A INPUT -p tcp -s 177.71.128.0/17 -m limit --limit 1/hour -j LOG --log-prefix "iptables denied EC2:" --log-level 7
-A INPUT -p tcp -s 177.71.128.0/17 -j DROP

# These ports are open for anybody
-A INPUT -p tcp --dport 80 -j ACCEPT

# Trusted Hosts can connect on any port
#-A INPUT -p tcp -s (some server) -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls
-A INPUT -m limit --limit 1/hour -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
*nat
COMMIT

...

Note: this blocks all traffic from EC2, including legitimate traffic, but not many real people browse from there.