a guest, Feb 19th, 2019
#!/bin/bash
# here's your list of IPs, one per line
CURRENT_BL=/path/to/my/ip_black_list.txt
# create the set if it is missing, then flush it so entries removed from the file drop out
ipset -exist create ipset-blacklist hash:ip
ipset flush ipset-blacklist
# create/flush the chain (-N fails harmlessly if the chain already exists)
iptables -N BLACKHOLE 2>/dev/null
iptables -F BLACKHOLE
for BAD_IP in $(cat "$CURRENT_BL")
do
        ipset add ipset-blacklist "$BAD_IP" 2>/dev/null ||
                echo "Failed to add ${BAD_IP}"
done
# REJECT the matching target
iptables -A BLACKHOLE -p all -m set --match-set ipset-blacklist src -j REJECT
iptables -A BLACKHOLE -j RETURN
# assume your nginx is on 80 and 443; -C checks for an existing rule so re-runs don't append duplicates
iptables -C INPUT -p tcp -m multiport --destination-ports 80,443 -j BLACKHOLE 2>/dev/null ||
        iptables -A INPUT -p tcp -m multiport --destination-ports 80,443 -j BLACKHOLE
iptables -C INPUT -p tcp -m multiport --destination-ports 80,443 -j ACCEPT 2>/dev/null ||
        iptables -A INPUT -p tcp -m multiport --destination-ports 80,443 -j ACCEPT

# add a single address to the live set later on
ipset add ipset-blacklist X.X.X.X
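The loop above calls `ipset add` once per line, so a malformed line only shows up as a "Failed to add" message, and while the loop runs the live set is partly empty. The script below is an added example, not part of the original paste: it validates every entry, reports the bad ones, and emits an `ipset restore` script that fills a temporary set and then swaps it into place, so the live set is replaced atomically. The set name `ipset-blacklist` comes from the paste; the `-tmp` suffix, the `hash:net` type and the function names are this example's own choices.

```bash
#!/bin/sh
# Added example, not part of the original paste. Turns a blacklist file into an
# `ipset restore` script: comments and blank lines are skipped, each entry is
# validated as IPv4 (optionally with /prefix), and a temporary set is filled and
# then swapped into place so the live set is never half-populated.
# Assumed names: the set "ipset-blacklist" from the paste; the "-tmp" suffix,
# hash:net type and function names are this example's own choices.

SET_NAME="ipset-blacklist"

# valid_ipv4_net ENTRY: succeed only for a.b.c.d or a.b.c.d/N with N <= 32
valid_ipv4_net() {
    entry="$1"
    ip="${entry%%/*}"
    prefix="${entry#*/}"
    [ "$prefix" = "$entry" ] && prefix=32          # no slash: single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs="$IFS"; IFS='.'
    set -- $ip                                      # split into octets
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blacklist_to_restore FILE: print the restore script on stdout, report bad
# entries on stderr, and return the number of rejected entries.
blacklist_to_restore() {
    file="$1"; rejected=0
    echo "create ${SET_NAME} hash:net family inet"
    echo "create ${SET_NAME}-tmp hash:net family inet"
    echo "flush ${SET_NAME}-tmp"                    # drop leftovers from a failed run
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                          # strip trailing comment
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -z "$line" ] && continue
        if valid_ipv4_net "$line"; then
            echo "add ${SET_NAME}-tmp ${line}"
        else
            echo "rejected entry: ${line}" >&2
            rejected=$((rejected + 1))
        fi
    done < "$file"
    echo "swap ${SET_NAME}-tmp ${SET_NAME}"         # atomic replacement of the live set
    echo "destroy ${SET_NAME}-tmp"
    return "$rejected"
}

# Usage: sh thisfile.sh /path/to/my/ip_black_list.txt | ipset -exist restore
if [ $# -ge 1 ]; then
    blacklist_to_restore "$1"
fi
```

Feed the output to `ipset -exist restore` (as in the usage comment) so that the `create` of an already existing live set is not an error; the `flush` of the temporary set clears anything left behind by an interrupted earlier run. The `swap` requires both sets to be of the same type, which is why both are created as `hash:net`. The non-zero return value lets a cron job notice that some lines in the file were rejected.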