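#!/bin/bash
# Sample firewall script: load a block list into a dedicated chain, log and
# drop traffic from the listed sources, then log and drop everything else
# arriving on INPUT.
# Modify script as per your setup.
# Usage: run as root, from a console session rather than over the network,
# because the last rule appends a catch-all DROP to INPUT.
# ---------------------------
_input=/root/ipb/ipv6/mh.zone
# Interface name only. The value is handed to -i, which takes one argument;
# an extra word such as an address family makes the rule command fail.
_pub_if="eth0"
# The zone file path and the chain name indicate IPv6 entries, which are
# filtered by ip6tables. iptables handles IPv4 only and rejects IPv6 sources.
IPT=/sbin/ip6tables

# Die if file not found
if [ ! -f "$_input" ]; then
  echo "$0: File $_input not found." >&2
  exit 1
fi

### Setup our black list ###
# Create the chain, or empty it when it already exists, so that re-running
# the script does not stack a second copy of every block-list rule.
"$IPT" -N droplistv6 2>/dev/null || "$IPT" -F droplistv6 || exit 1

# Filter out comments and blank lines, store each ip or subnet in $ip.
# The filter reads the zone file itself and feeds the loop; a redirect on
# the loop would bypass the filter and pass comment lines to the rule
# commands.
while IFS= read -r ip
do
  # Append everything to droplistv6. A rejected entry is reported and
  # skipped so one bad line does not stop the rest of the list loading.
  # NOTE: the per-source LOG rule is not rate limited, so a busy blocked
  # source can fill the kernel log.
  "$IPT" -A droplistv6 -i "$_pub_if" -s "$ip" -j LOG --log-prefix " Drop Bad IP List " ||
    printf '%s: could not add LOG rule for %s\n' "$0" "$ip" >&2
  "$IPT" -A droplistv6 -i "$_pub_if" -s "$ip" -j DROP ||
    printf '%s: could not add DROP rule for %s\n' "$0" "$ip" >&2
done < <(grep -Ev '^[[:space:]]*(#|$)' "$_input")

# Finally, insert our black list at the top of each built-in chain, unless
# the jump is already there from an earlier run.
# NOTE: the rules in droplistv6 match on input interface (-i) and source
# (-s), so the jump from OUTPUT never matches locally generated packets;
# blocking outbound traffic to these prefixes would need -o/-d rules.
for _chain in INPUT OUTPUT FORWARD
do
  "$IPT" -C "$_chain" -j droplistv6 2>/dev/null ||
    "$IPT" -I "$_chain" -j droplistv6
done

# drop and log everything else
# NOTE: this catch-all also drops ICMPv6 neighbour discovery and the replies
# to connections this host opened, unless earlier rules accept them. Accept
# loopback, ESTABLISHED,RELATED and the required ICMPv6 types before this
# point. Re-running the script appends these two rules again.
"$IPT" -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG
"$IPT" -A INPUT -j DROP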