
Untitled

a guest
Feb 19th, 2019
#!/bin/bash
# here's your list of IPs (one address or CIDR per line)
CURRENT_BL=/path/to/my/ip_black_list.txt
SET_NAME=ipset-blacklist
# create the set if it does not exist yet (hash:net takes both plain IPs and CIDRs),
# then flush it so entries removed from the list stop matching
ipset -exist create "$SET_NAME" hash:net
ipset flush "$SET_NAME"
# create/flush recreate the chain (-N fails when the chain already exists, so flush it instead)
iptables -N BLACKHOLE 2>/dev/null || iptables -F BLACKHOLE
while read -r BAD_IP; do
    # skip blank lines and comments
    [[ -z "$BAD_IP" || "$BAD_IP" == \#* ]] && continue
    ipset -exist add "$SET_NAME" "$BAD_IP" 2>/dev/null ||
        echo "Failed to add ${BAD_IP}" >&2
done < "$CURRENT_BL"
# REJECT the matching target, otherwise fall back to INPUT
iptables -A BLACKHOLE -p all -m set --match-set "$SET_NAME" src -j REJECT
iptables -A BLACKHOLE -j RETURN
# assume your nginx is on 80 and 443; -C checks first so re-runs do not pile up duplicate rules
iptables -C INPUT -p tcp -m multiport --destination-ports 80,443 -j BLACKHOLE 2>/dev/null ||
    iptables -I INPUT -p tcp -m multiport --destination-ports 80,443 -j BLACKHOLE
iptables -C INPUT -p tcp -m multiport --destination-ports 80,443 -j ACCEPT 2>/dev/null ||
    iptables -A INPUT -p tcp -m multiport --destination-ports 80,443 -j ACCEPT

# add a single address by hand; the set is matched live, so no iptables reload is needed
ipset add ipset-blacklist X.X.X.X
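The script above feeds every line of the list to `ipset add` one process at a time and trusts the file to contain nothing but addresses. The following is an added example, not part of the original paste: it validates each entry as IPv4 or IPv4/CIDR and emits a single `ipset restore` batch instead. The set name `ipset-blacklist` comes from the paste; the `hash:net` set type, the sample list and the file path are assumptions for the example.

```bash
#!/bin/bash
# Added example (not from the original paste): build an `ipset restore` batch
# from a blacklist file, rejecting malformed entries before they reach ipset.

# Return 0 for dotted-quad IPv4 with an optional /0-32 prefix, 1 otherwise.
valid_ipv4_net() {
    local entry=$1 ip prefix=32 octet
    local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
    ip=${entry%%/*}
    [[ $entry == */* ]] && prefix=${entry#*/}
    [[ $ip =~ $re ]] || return 1
    for octet in "${BASH_REMATCH[@]:1}"; do
        # 10# forces decimal so a leading zero is not read as octal
        (( 10#$octet <= 255 )) || return 1
    done
    [[ $prefix =~ ^[0-9]{1,2}$ ]] || return 1
    (( 10#$prefix <= 32 )) || return 1
    return 0
}

# Print a restore batch: create the set if missing (hash:net assumed so both
# IPs and CIDRs load), flush it, then one add per valid line. Comments, blank
# lines and surrounding whitespace (including CR from Windows edits) are
# stripped; invalid entries are reported on stderr and skipped.
build_restore() {
    local file=$1 set=$2 line
    printf 'create %s hash:net\nflush %s\n' "$set" "$set"
    while IFS= read -r line || [[ -n $line ]]; do
        line=${line%%#*}
        line=${line//[[:space:]]/}
        [[ -z $line ]] && continue
        if valid_ipv4_net "$line"; then
            printf 'add %s %s\n' "$set" "$line"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done < "$file"
    return 0
}

# Usage (path assumed): load the whole list in one kernel round trip.
#   build_restore /path/to/my/ip_black_list.txt ipset-blacklist | ipset -exist restore
```

Because `flush` precedes the `add` lines in the batch, an address deleted from the file drops out of the set on the next load, which the plain `ipset add` loop in the paste never does.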