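#!/bin/bash
#
# Written for an old BIND without the rate-limiting feature.
#
# Reads the last LOGWINDOWS lines of the named security log, collects the
# client addresses of "denied" entries and appends an iptables DROP rule for
# every address that does not have one yet. Must run with enough privilege
# to list and modify iptables rules.
#
# Caveats for operators:
#   - Most DNS queries arrive over UDP, where the source address can be
#     forged, so a "denied" line is not proof of who sent the query. Make
#     sure addresses you depend on (upstream resolvers, monitoring,
#     management hosts) are accepted by an earlier rule, otherwise they can
#     end up dropped.
#   - Rules are appended (-A), so a DROP only takes effect when no earlier
#     rule in the chain already accepts the traffic.
#   - This script never removes rules; the chain grows until it is cleaned
#     up by hand.
#
LOGWINDOWS=1000
SECURITYLOG=/var/log/named/security.log
IPTABLES_CHAIN=INPUT

# Succeeds only for a strict dotted-quad IPv4 address (four octets, each
# 0-255). The log is attacker-influenced text, so nothing taken from it is
# handed to iptables before passing this check.
is_ipv4() {
  local ip=$1 octet
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ $ip =~ $re ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

if [[ ! -r "$SECURITYLOG" ]]; then
  echo "[!] ERROR cannot read $SECURITYLOG" >&2
  exit 1
fi

# Field 4 is expected to look like "address#port:"; everything from '#' on
# is stripped. NOTE(review): the field position depends on the BIND log
# format in use - confirm against a sample line from this server.
IPLIST=$(tail -n "$LOGWINDOWS" -- "$SECURITYLOG" \
  | awk '/denied/ { sub(/#.*/, "", $4); print $4 }' \
  | sort -u)

# One listing of the configured chain serves both the rule count and the
# "already blocked" lookup.
if ! RULES=$(iptables -L "$IPTABLES_CHAIN" -n); then
  echo "[!] ERROR cannot list iptables chain $IPTABLES_CHAIN" >&2
  exit 1
fi

# The first two lines of the listing are headers; the rest are rules.
BLOCKING=$(tail -n +3 <<< "$RULES" | wc -l)

# Source column of every existing DROP rule, one address per line.
BLOCKED=$(awk '$1 == "DROP" { print $4 }' <<< "$RULES")

echo ""
echo "Blocking $BLOCKING IPs"
echo ""

while IFS= read -r IP; do
  [[ -n "$IP" ]] || continue

  if ! is_ipv4 "$IP"; then
    echo "[!] Skipping '$IP': not an IPv4 address" >&2
    continue
  fi

  # Exact, fixed-string, whole-line match: a plain grep for 1.2.3.4 would
  # also hit 11.2.3.40, and the dots would act as regex wildcards.
  if grep -qxF -- "$IP" <<< "$BLOCKED"; then
    echo "[ ] $IP already blocked"
  elif iptables -A "$IPTABLES_CHAIN" -s "$IP" -j DROP; then
    echo "[+] $IP added to blocked IPs"
  else
    echo "[!] ERROR adding $IP to IpTables!"
  fi
done <<< "$IPLIST"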