Untitled

#!/bin/bash
#
# Written for an old bind without rate-limiting feture
#

LOGWINDOWS=1000
SECURITYLOG=/var/log/named/security.log
IPTABLES_CHAIN=INPUT

IPLIST=$(tail -$LOGWINDOWS $SECURITYLOG | grep denied | awk '{ print $4 }' | sed 's/#.*//' | sort | uniq)

BLOCKING=$(iptables -L INPUT -n | tail -n+3 | wc -l)

echo ""
echo "Blocking $BLOCKING IPs"
echo ""


for IP in $IPLIST; do
  if $(iptables -L $IPTABLES_CHAIN -n | grep -q $IP) ; then
    echo "[ ] $IP already blocked"
else
  if iptables -A $IPTABLES_CHAIN -s $IP -j DROP; then
    echo "[+] $IP added to blocked IPs"
  else
    echo "[!] ERROR adding $IP to IpTables!"
  fi
fi
done