sábado, 16 de agosto de 2014

Iptables block ip address – Security Shell Script


by  on DECEMBER 20, 2008 ·
Create /root/iptables/blocked.ips file as follows with list of ips and subnets to block entering your dedicated server:
192.168.1.0/24
202.54.1.2
# spam
202.5.1.2



Call following script from your existing shell script:
    

  1. 
#!/bin/bash
    

    2. 

  2. 
# Simple iptables IP/subnet block script 
    

    3. 

  3. 
# -------------------------------------------------------------------------
    

    4. 

  4. 
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
    

    5. 

  5. 
# This script is licensed under GNU GPL version 2.0 or above
    

    6. 

  6. 
# -------------------------------------------------------------------------
    

    7. 

  7. 
# This script is part of nixCraft shell script collection (NSSC)
    

    8. 

  8. 
# Visit http://bash.cyberciti.biz/ for more information.
    

    9. 

  9. 
# ----------------------------------------------------------------------
    

    10. 

  10. 
IPT=/sbin/iptables
    

    11. 

  11. 
SPAMLIST="spamlist"
    

    12. 

  12. 
SPAMDROPMSG="SPAM LIST DROP"
    

    13. 

  13. 
BADIPS=$(egrep -v -E "^#|^$" /root/iptables/blocked.ips)
    

    14. 

  14. 

    

    15. 

  15. 
# create a new iptables list
    

    16. 

  16. 
$IPT -N $SPAMLIST
    

    17. 

  17. 

    

    18. 

  18. 
for ipblock in $BADIPS
    

    19. 

  19. 
do
    

    20. 

  20. 
$IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
    

    21. 

  21. 
$IPT -A $SPAMLIST -s $ipblock -j DROP
    

    22. 

  22. 
done
    

    23. 

  23. 

    

    24. 

  24. 
$IPT -I INPUT -j $SPAMLIST
    

    25. 

  25. 
$IPT -I OUTPUT -j $SPAMLIST
    

    26. 

  26. 
$IPT -I FORWARD -j $SPAMLIST
    

    27.
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)