Well, the script works perfectly for me:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# cat prueba.sh
#!/bin/sh -e
# Append a DROP rule to INPUT for every address listed in bad.txt
if [ -f bad.txt ]
then
    for BAD_IP in $(cat bad.txt)
    do
        iptables -A INPUT -s "$BAD_IP" -j DROP
    done
else
    echo "Can't read bad.txt"
fi
# ./prueba.sh
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
DROP all -- 0-128.io-global.com/19 anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I don't understand why it doesn't work for you. Check the modules:
# lsmod | grep ipt
ipt_REJECT 6656 2
iptable_filter 6528 1
ip_tables 13840 1 iptable_filter
x_tables 15236 6 ipt_REJECT,ip_tables,ip6t_REJECT,xt_tcpudp,xt_state,ip6_tables
You don't need the ip6 ones, of course.
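
Added example, not part of the original post: in the second listing above, `-A` placed the DROP rule after the final REJECT, and iptables evaluates a chain from top to bottom. This sketch validates each bad.txt entry and prints commands that put the drops in a separate chain jumped to from the top of INPUT. The chain name `BLOCKLIST` and the function names are assumptions, and the commands are only printed, not run.

```shell
#!/bin/sh
# Added example (not from the original post). Names are assumptions:
# chain BLOCKLIST, functions is_ipv4_cidr and blocklist_rules.

# is_ipv4_cidr ENTRY: succeed only for a.b.c.d or a.b.c.d/0..32
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blocklist_rules FILE: print iptables commands for review; nothing is executed
blocklist_rules() {
    [ -r "$1" ] || { echo "Can't read $1" >&2; return 1; }
    echo "iptables -N BLOCKLIST"
    # Jump from position 1 so the DROPs are evaluated before any ACCEPT/REJECT
    echo "iptables -I INPUT 1 -j BLOCKLIST"
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=${entry%%#*}                               # strip comments
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')    # strip blanks and CR
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            echo "iptables -A BLOCKLIST -s $entry -j DROP"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done < "$1"
    return 0
}

# Stand-alone use: ./script bad.txt   (review the output, then run it as root)
if [ $# -gt 0 ]; then blocklist_rules "$1"; fi
```

Entries that are not plain IPv4 addresses or CIDR ranges are reported on stderr and never reach a command line.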